Configure the USB Defender local policy connector in LEM

The USB Defender Local Policy connector enables a LEM Agent to enforce restrictions on USB devices, even when the Agent is not connected to the LEM Manager. Instead of using rules when disconnected, the connector uses a list of permitted users or devices. The Agent compares the fields in all USB device-attached events to a locally stored white list of users or devices. If none of the fields match an entry on the list, the Agent detaches the device.

When the Agent is connected to the Manager through the network, the Manager rule also applies. Any devices listed in the local white list must be in the User Defined Group for authorized devices. Otherwise, the rule takes effect and the device detaches even though it was allowed by the white list in the USB Defender local policy. When the Agent is connected, both the USB Defender Local Policy and the LEM rule are active.

  1. Create a text file with one entry per line.

    This file serves as the local policy. Each entry can be a user name or a USB device ID, from the Extraneous Info field of an attached alert.

  2. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  3. On the LEM toolbar, navigate to Manage > Nodes.

  4. Next to the target node, click the icon, and then select Connectors.

  5. In the Refine Results pane, enter USB defender.

  6. In the Connectors grid, locate the USB Defender Local Policy connector.

  7. Next to the connector, click the icon, and then select New.

  8. In the UDLP pane, click the ellipsis (...) button, and then locate the text file you created above.

  9. Upload your list to the connector, and then click Save.

  10. When the new connector appears in the Connectors list, click the icon, and then select Start.

The authorized devices in the local white list must also be in the User Defined Group (UDG) for the Manager's Detach Unauthorized USB rule. Otherwise, the rule on the Manager enforces detachment when the laptop is connected to the network. Conversely, if you are using a blacklist and the device is in the USB Local Policy but not in the User Defined Group of the rule, the device still detaches.

Having a device or user in one white list or black list and not in the other is not recommended and yields inconsistent results.
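
To catch that kind of mismatch before uploading the file, the following added example (not part of the LEM product or its documentation) lints a one-entry-per-line policy file and compares it with the values in the rule's User Defined Group. It assumes the group values are available as a plain list of strings and that entries match after trimming whitespace and ignoring case; the sample user names and device ID are constructed.

```python
"""Lint a USB Defender local policy file against the Manager-side group.

Assumptions (not taken from the LEM documentation): the User Defined Group
values are available as a plain list of strings, and entries are compared
after trimming whitespace and ignoring case.
"""


def parse_policy(text):
    """Return (entries, problems) for a one-entry-per-line policy file."""
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            problems.append((lineno, "blank line"))
            continue
        if raw != entry:
            problems.append((lineno, "leading or trailing whitespace"))
        key = entry.casefold()
        if key in seen:
            problems.append((lineno, "duplicate entry"))
            continue
        seen.add(key)
        entries.append(entry)
    return entries, problems


def compare_lists(policy_entries, udg_values):
    """Report entries present in one list but missing from the other."""
    policy = {e.casefold(): e for e in policy_entries}
    udg = {v.strip().casefold(): v.strip() for v in udg_values if v.strip()}
    return {
        "only_in_local_policy": sorted(policy[k] for k in policy.keys() - udg.keys()),
        "only_in_udg": sorted(udg[k] for k in udg.keys() - policy.keys()),
    }


# Constructed sample data: the user names and device ID are placeholders.
SAMPLE_POLICY = "jsmith\nEXAMPLE-DEVICE-ID-0001 \n\njsmith\nbackup-svc\n"
SAMPLE_UDG = ["JSmith", "EXAMPLE-DEVICE-ID-0001", "kiosk-admin"]

if __name__ == "__main__":
    entries, problems = parse_policy(SAMPLE_POLICY)
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
    for side, values in compare_lists(entries, SAMPLE_UDG).items():
        for value in values:
            print(f"{side}: {value}")
```

Any value reported under either heading is in one list but not the other, which is the situation described above as yielding inconsistent results.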