Unable to Block USB Keyboard by Application and Device Control

Article ID: 156788

Products

Endpoint Protection

Issue/Introduction

An administrator has correctly created an Application and Device Control (ADC) policy to block all USB ports on the machine. The USB mouse is blocked, but the USB keyboard retains full function. The same non-blocking behavior is observed when the Class GUID for keyboard devices is set to block.

 

 

Cause

Application and Device Control cannot block PS/2 compliant USB keyboard devices. This functionality is by design, as noted in the documentation excerpt below:

The Application and Device Control Policy does not block human interface devices (HIDs) such as PS/2 devices.
----------------------------------------------------------
Blocking PS/2 devices by using the setting Human Interface Device
----------------------------------------------------------
The Application and Device Control Policy does not block Human Interface Devices (HIDs) such as PS/2 devices. This functionality is by design.
Human Interface Device blocking functionality works as follows:
- USB block = The USB block will successfully block a USB mouse, however, a USB keyboard is not blocked.
- HID block = The HID block will successfully block a mouse, however, a HID keyboard is not blocked.
- If a device has a PS/2 connection, nothing is blocked.
- A keyboard device will be blocked if the Class GUID for keyboards is added and blocked by policy, only when using a remote connection such as RDP. This is because the keyboard device uses a Device GUID of TermInput, not PS/2, HID or USB.

 

Resolution

This functionality cannot be provided by Symantec Endpoint Protection.
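
Because these keyboards stay outside ADC control, it helps to know which keyboard-class devices an endpoint actually presents and how each one is connected. The following PowerShell inventory is an added example, not Symantec code. It assumes the standard Windows Keyboard setup class GUID and the usual enumerator prefixes (`HID` under a `USB\` parent for USB keyboards, `ACPI` for PS/2, `TERMINPUT*` for the remote session keyboard).

```powershell
# Added example: inventory keyboard-class devices and the bus each one sits on,
# so the blocking behaviour described under "Cause" can be checked per device.
# Assumption: this is the standard Windows "Keyboard" device setup class GUID.
$keyboardClassGuid = '{4d36e96b-e325-11ce-bfc1-08002be10318}'

function Get-DeviceProperty([string]$InstanceId, [string]$KeyName) {
    # Returns $null when the property is absent instead of raising an error.
    (Get-PnpDeviceProperty -InstanceId $InstanceId -KeyName $KeyName `
        -ErrorAction SilentlyContinue).Data
}

# Select by class GUID, the same attribute a Class GUID rule keys on.
$keyboards = Get-PnpDevice -PresentOnly |
    Where-Object { $_.ClassGuid -eq $keyboardClassGuid }

$report = foreach ($dev in $keyboards) {
    $enumerator = ($dev.InstanceId -split '\\')[0]   # e.g. HID, ACPI, TERMINPUT_BUS
    $parent     = Get-DeviceProperty $dev.InstanceId 'DEVPKEY_Device_Parent'

    # Assumption: enumerator prefixes map to connection types as listed here.
    $connection = switch -Wildcard ($enumerator) {
        'TERMINPUT*' { 'Remote session (TermInput)' }
        'ACPI'       { 'PS/2' }
        'USB'        { 'USB' }
        'HID'        { if ($parent -like 'USB\*') { 'USB (HID)' } else { 'HID (non-USB)' } }
        default      { "Other ($enumerator)" }
    }

    [pscustomobject]@{
        Name       = $dev.FriendlyName
        Connection = $connection
        # Per the excerpt, only the TermInput keyboard is blocked by a keyboard Class GUID rule.
        BlockedByClassGuidRule = ($enumerator -like 'TERMINPUT*')
        InstanceId = $dev.InstanceId
    }
}

$report | Sort-Object Connection | Format-Table -AutoSize -Wrap

# Keyboards the policy will not stop; candidates for a compensating control.
$unblocked = @($report | Where-Object { -not $_.BlockedByClassGuidRule })
"Keyboard devices outside ADC control: $($unblocked.Count)"
```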