Jump to content

Device Control - is it possible to control USB keyboard and mice?


RyanTsai
 Share

Go to solution Solved by MichalJ,

Recommended Posts

  • ESET Staff
  • Solution

Hello, as of now it is not possible to use device control for blocking / controlling USB keyboard and mice. We will track that as an improvement request for future versions.

 

However, I would like to know more about your usecase. Will be the devices managed remotely by ERA? Would you like to block all USB peripherals (Keyboard / Mice)? What about the case, when a service team comes in, and it needs to perform some maintenance of the machine locally? Will there be a process in place, that will deploy a different policy for that time? Blocking input devices is tricky, if you do it locally, you have effectively locked yourself out of the machine, and you won´t be able to control it. Therefore, the use-case needs to be properly validated before proceeding. Please provide more information about the problem scenario, you are trying to solve.

Edited by MichalJ
Link to comment
Share on other sites

Hello, as of now it is not possible to use device control for blocking / controlling USB keyboard and mice. We will track that as an improvement request for future versions.

 

However, I would like to know more about your usecase. Will be the devices managed remotely by ERA? Would you like to block all USB peripherals (Keyboard / Mice)? What about the case, when a service team comes in, and it needs to perform some maintenance of the machine locally? Will there be a process in place, that will deploy a different policy for that time? Blocking input devices is tricky, if you do it locally, you have effectively locked yourself out of the machine, and you won´t be able to control it. Therefore, the use-case needs to be properly validated before proceeding. Please provide more information about the problem scenario, you are trying to solve.

 

Thanks for the reply Michal! Basically one of my clients have setup some locked down kiosk machines for their in-shop customers. These kiosks have touch screens and run custom software on top of Windows, which includes vitual-onscreen keyboards. One of the functionality is that they provide USB ports for their customer to plugin USB storage devices or card readers in order to print files off these devices. They're concerned about that security of these kiosks might be compromised if customers plugin USB keyboards/mice and then somehow get around the custom software, which is why they want to control USB keyboards and mice.

They're planning to have these machines managed remotely by ERA, in case of doing service their idea is to use remote desktop. In the case that network is not available,  they'll either use the touchscreen to perform service, or in the worst case scenario, uninstall antivirus software in safe mode then re-install afterwards.

Another thing to consider would be how the touch screen drivers are implemented, if it emulates USB mice/keyboards then obviously this cannot work.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...