Changing the trust level of a USB device

There are three trust levels for USB devices in SES Evolution:

  • Level 0: The device was plugged into an SES Evolution agent but is not recognized because it does not have an SES Evolution identifier.
  • Level 1: SES Evolution assigned an identifier to the device. SES Evolution therefore recognizes this device. However, its contents were not analyzed.
  • Level 2: An antivirus analyzed the contents of the device on a decontamination station. They were always modified within your SES Evolution pool. The device therefore does not contain any malicious files and is considered trustworthy.

The trust level of a device is recognized throughout your SES Evolution pool, and does not depend on agent groups.

Once the trust levels are assigned, use them to filter the USB devices allowed in your pool. For example, you can protect your pool by creating a rule that allows only level 2 USB devices. For further information, refer to the section Controlling storage on USB devices.

For security reasons, the trust level of a USB device cannot be changed in the following cases:

  • If the user session on the agent is locked or signed out,

  • If the agent is remotely controlled through a remote desktop connection,

  • If the device was already connected when the agent started running.

To change its trust level, the device must be inserted after the user session is opened on the physical workstation.