Hello, I am a Cisco Secure Endpoint beginner.
I want to control USB through Device Control function.
I created a policy to block all USBs except for USBs from certain vendors.
I actually did the test, and I checked the client's pop-up and the log on the Cisco Secure Endpoint Dashboard that it was allowed when I connected USB from a particular vendor.
What I'm curious about is that when I unplug and reconnect the USB, access was allowed normally, but no pop-up was generated in the client, and I couldn't check the log on the dashboard.
I checked all of the Cisco Secure Endpoint guides, but I couldn't find anything about them.
If the USB allowed by policy is allowed once, is it right to operate bypass when the USB is removed and connected again?
If anyone is familiar with this, I hope you can help me.
Please let me know if I'm mistaken.
Thank you.