USB detection
The USB Detection view allows you to configure FortiNAC to be notified when a USB device is plugged into a host on the network. When a USB drive is detected, FortiNAC events can be mapped to alarms to specify an action based on the host where the USB drive is connected. You can also indicate which drives should be ignored by the system, regardless of the hosts they are connected to.
This feature requires Agent 3.3 or higher. This feature is only supported on Windows hosts.
Settings
Icon/field | Definition
---|---
Enable USB Detection | When enabled, if a USB drive is plugged into a host, the agent will detect the USB drive and notify FortiNAC.
Prevent Detection on Host Group | Select the host group where you wish to prevent USB detection. If the USB connects to a host within the selected host group, the USB is ignored and no event is generated. Click the Add icon to add a group. Click the Modify icon to modify the selected group.
Event to alarm mappings |
USB Drive Detected | Allows user to configure an event to alarm mapping for when the USB drive is present when the agent is started.
USB Drive Added | Allows user to configure an event to alarm mapping for when the USB drive is added while the agent is running.
USB Drive Removed | Allows user to configure an event to alarm mapping for when the USB drive is removed while the agent is running.
Allow USB drives |
Name | The name of the USB drive.
Device ID | The Device ID for the USB drive from the registry key.
Device Class | The Device Class for the USB drive from the registry key.
Friendly Name | The Friendly Name for the USB drive from the registry key.
Right click options |
Delete | Deletes the selected USB drive.
Modify | Opens the Modify Allowed USB Drive dialog.
Show Audit Log | Opens the admin auditing log showing all changes made to the selected item. For information about the admin auditing log, see Admin auditing.
Buttons |
Export | Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.
Save Settings | Click to save the USB detection settings.
Add/modify an allowed USB drive
- Click System > Settings.
- Expand the Persistent Agent folder.
- Select USB Detection from the tree.
- Click Add or select an existing USB drive and click Modify.
- Enter the name for FortiNAC to use to identify the USB drive that is being allowed.
- Run regedit.exe to access the registry key.
- Expand HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Enum>USBSTOR. If CurrentControlSet is not available, you can also find USBSTOR in ControlSet001.
- Expand the folder for the device containing the information you wish to add or modify, and click the key. The key values appear.
  The asterisk (*) wildcard can be used at the beginning and end of all values you enter.
- Enter the following values from the registry key:
  - Device ID: The first value from the Hardware ID key as defined in the Registry entry for the USB device in HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Enum>USBSTOR (e.g., USBSTOR\DiskStaples_Relay_UFD_______1.18).
  - Device Class: The value from the Class key as defined in the Registry entry for the USB device in HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Enum>USBSTOR. If the class value is empty or is not present in the registry, leave the Class field blank. Otherwise, the rule will not match and an event will be generated.
  - Friendly Name: The value from the friendly name key as defined in the registry entry for the USB device in HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Enum>USBSTOR.
- Click OK.
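To collect these values without browsing regedit.exe by hand, the following read-only PowerShell script lists them for every USB storage device recorded on a Windows host. It is an added example, not Fortinet code; it assumes the standard HardwareID, Class and FriendlyName value names under each USBSTOR device instance key, and the output property names are chosen here for readability.

```powershell
# Added example (not Fortinet code): read-only listing of the USBSTOR values
# requested by the Add/Modify Allowed USB Drive dialog.
$candidates = @(
    'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR',
    'HKLM:\SYSTEM\ControlSet001\Enum\USBSTOR'      # fallback named in the procedure
)
$root = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1

if (-not $root) {
    Write-Warning 'USBSTOR key not found under CurrentControlSet or ControlSet001.'
    return
}

$drives = foreach ($device in Get-ChildItem -Path $root) {
    # Each device folder holds one subkey per device instance.
    foreach ($instance in Get-ChildItem -Path $device.PSPath) {
        $values = Get-ItemProperty -Path $instance.PSPath
        [pscustomobject]@{
            Instance     = $instance.PSChildName
            DeviceID     = @($values.HardwareID)[0]  # first entry of the multi-string value
            DeviceClass  = $values.Class             # empty when the value is absent
            FriendlyName = $values.FriendlyName
        }
    }
}

# One row per distinct Device ID; the same drive model can appear under several instances.
$drives | Sort-Object -Property DeviceID -Unique | Format-List
```

An empty DeviceClass in the output corresponds to the case above where the Class field must be left blank.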
Import allowed USB drives
You can import multiple USB drives at a time to the list of Allowed USB drives.
- Click System > Settings.
- Expand the Persistent Agent folder.
- Select USB Detection from the tree.
- Click Import.
- Enter the Name, Device ID, Device Class, and Friendly Name for each USB drive you wish to import in the specified format.
- Click OK.
Delete an allowed USB drive
- Select System > Settings.
- Expand the Persistent Agent folder.
- Select USB Detection from the tree.
- Select a USB drive in the Allowed USB Drives list, and click Delete.
- A confirmation message is displayed. Click Yes to continue.