Which aspect of EPP are you submitting for?
Endpoint Protector Client
What is a one sentence summary of your feature request?
A dedicated “Authentication USB Device” category that consolidates USB storage and card reader recognition for authentication tokens into a single controllable device type is needed, so a consistent and effective access policy can be configured, including the ability to block user authentication.
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
The EPP agent currently detects USB authentication tokens as two separate device types: USB Storage Device and Card Reader. Because the authentication function spans both device classifications, a user’s authentication cannot be blocked regardless of how the rights are set (Allow/Deny Access) for either device type individually.
For ease of management, a single unified category that encompasses the full behavior of these authentication USB devices would be needed. This would allow admins to manage one entry rather than maintaining parallel rights across two separate device types (rights that, as it stands, do not achieve the intended result).
This unified category would also need to include the ability to block authentication entirely. This could be implemented through the existing “Deny Access” right applied at the category level, or through a dedicated third control option that is determined to be more technically appropriate. What matters is that the control is effective, meaning that when admins configure a block, the user is fully prevented from authenticating via the device.
How do you currently solve the challenges you have by not having this feature?
At the moment, no reliable workaround is available within EPP. Applying the “Deny Access” right to both the USB Storage Device and Card Reader categories simultaneously has not been sufficient, as authentication remains functional regardless.