Blocking a USB Device Dynamically

[mughisq]

I am looking into blocking USB devices "dynamically" based on device class or serial number. By dynamically, I mean that it should be without user intervention such as registry manipulation as given in some of Micrsoft's solutions. Devices should be blocked on pre-configured device classes or serial numbers.

I have read the Jan Axelson's book, especially the "Ch. 4: Enumeration", as well as searched online resources. But haven't found a starting point yet.

Any suggestions or pointers in this regard will be appreciated.

[Jan Axelson]

Without user (or admin) intervention, how will the system know to block the devices? Someone has to tell it.

Maybe this will be useful:

http://diaryproducts.net/about/operating_systems/windows/disable_usb_sticks

Jan

[mughisq]

Hi Jan,

To answer your question, user or system admin could configure filters (device classes, serial number) in a file. This file can be consulted during enumeration and the devices allowed accordingly.

I have taken a cursory look at the link you provided. First, it appears to be Storage device specific. Not sure if it will work for non-storage USB devices. Secondly, it involves modification/addition/deletion of files which I want to avoid

[Jan Axelson]

In theory, you could write a filter driver that monitors enumeration and refuses to configure certain devices.I don't know of any examples or if in fact it's possible under Windows.

Jan