Changing the trust level of a USB device

There are three trust levels for USB devices in SES Evolution:

  • Level 0: the SES Evolution agent does not consider the device enrolled or trusted. The device is plugged into the SES Evolution agent but the backoffice has not yet assigned a unique ID to it.
  • Level 1: the SES Evolution agent considers the device enrolled but not trusted. The device is known and the backoffice has assigned a unique ID to it. Either its content has not yet been verified, or it has changed since the last verification (for example, when changes are made on a host outside the SES Evolution pool). The device must be analyzed by an air-gapped workstation to switch to level 2.
  • Level 2: the SES Evolution agent considers the device enrolled and trusted. The device is known to the backoffice with a unique ID and its content is considered trusted. This level indicates that the device has been analyzed by an antivirus on an air-gapped SES Evolution workstation and that it does not contain any malicious files. This trust level is maintained as long as the device's content is changed only within the SES Evolution pool.

The trust level of a device is recognized throughout your SES Evolution pool, and does not depend on agent groups.

Once the trust levels are assigned, use them to filter the USB devices allowed in your pool. For example, you can protect your pool by creating a rule that allows only level 2 USB devices. For further information, refer to the section Controlling storage on USB devices.

For security reasons, the trust level of a USB device cannot be changed in the following cases:

  • If the user session on the agent is locked or signed out,
  • If the agent is remotely controlled through a remote desktop connection,
  • If the device was already connected when the agent started running.

To change its trust level, the device must be inserted after the user session is opened on the physical workstation.