Changing the trust level of a USB device

There are three trust levels for USB devices in SES Evolution:

  • Level 0: For the SES Evolution agent, the device is neither enrolled nor trusted. The device is plugged into the SES Evolution agent but the backoffice has not yet assigned a unique ID to it.
  • Level 1: For the SES Evolution agent, the device is enrolled, but not trusted. The device is known and the backoffice has assigned a unique ID to it. Either its content has not yet been verified or it has changed since the last verification (when changes are made on a host outside the SES Evolution pool, for example). The device must be analyzed by an air-gapped workstation to switch to level 2.
  • Level 2: For the SES Evolution agent, the device is enrolled and trusted. The device is known to the backoffice with a unique ID and its content is considered trusted. This level indicates that the device has been analyzed by an antivirus on an air-gapped SES Evolution workstation and that it does not contain any malicious files. This trust level is maintained as long as the device's content is changed only within the SES Evolution pool.

The trust level of a device is recognized throughout your SES Evolution pool, and does not depend on agent groups.

Once the trust levels are assigned, use them to filter the USB devices allowed in your pool. For example, you can protect your pool by creating a rule that allows only level 2 USB devices. For further information, refer to the section Monitoring storage on USB devices.

For security reasons, the trust level of a USB device cannot be changed in the following cases:

  • If the user session on the agent is locked or signed out,

  • If the agent is remotely controlled through a remote desktop connection,

  • If the device was already connected when the agent started running.

To change its trust level, the device must be inserted after the user session is opened on the physical workstation.