DataLocker Managed USB Lock Data Loss Prevention for Removable Storage User Guide

June 6, 2024
DATALOCKER

DataLocker logo PortBlocker
PortBlocker User Guide
DataLocker Inc.
January 2021

About PortBlocker USB Port Control

DataLocker PortBlocker is an endpoint protection agent that limits which USB Mass Storage Devices can be used on a workstation. Your SafeConsole administrator can define which devices are allowed to be used. PortBlocker is commonly used to allow only SafeConsoleReady devices to provide a full encrypted and managed solution for portable device usage.
Affected Devices
PortBlocker can filter USB mass storage, MTP, PTP, and UASP (USB Attached SCSI) devices. Other devices, such as USB mice and keyboards, are always allowed.
Common USB-connected peripherals known to use the USB mass-storage device class:

  • USB flash drives
  • USB external hard drives
  • MP3 players
  • Digital cameras
  • Media card readers
  • Cellular devices

Note: It will still be possible to charge portable devices via USB.
Windows Installation
Note: Installation requires administrative permissions. Please contact your administrator to complete this process if PortBlocker is not already installed.

  1. Double click the PortBlocker-Setup.msi. This will launch the install wizard.

  2. On the first page of the installer, read and accept the License Agreement and click Install.
    DataLocker Managed USB Lock Data Loss Prevention for Removable Storage -
fig2 Note:
    Installing PortBlocker requires administrative privileges.

  3. The installer will show a progress bar as it installs drivers signed by DataLocker.
    DataLocker Managed USB Lock Data Loss Prevention for Removable Storage -
fig3

  4. Once the installer is finished, check the Launch DataLocker PortBlocker checkbox if it’s not already selected, and click Finish.
    DataLocker Managed USB Lock Data Loss Prevention for Removable Storage -
fig4

macOS Installation
PortBlocker for macOS is distributed as a PKG installer inside of a DMG file. To start the installation process double click on the .dmg file then double click on Install. pkg.

DataLocker Managed USB Lock Data Loss Prevention for Removable Storage -
fig6

Follow the installation wizard and agree to the license agreement. You will be prompted to enter your User Name and Password to continue. During installation, you may receive a notification that System Extensions are blocked. As indicated on this notification open the Security & Privacy System Preferences. Click the lock icon to make changes and re-enter your admin User Name and Password. Finally, click Allow to load the blocking software from “Data Locker Inc.”

DataLocker Managed USB Lock Data Loss Prevention for Removable Storage -
fig7

PortBlocker will now be installed and block all affected devices until registration is complete.

Registration

Upon first launch, registration will be the only option available. All affected devices will be blocked until registration is completed. See the affected Devices section for more details.
If PortBlocker is installed with the registration command line parameters, these steps can be skipped.
To register your application:

  1. Type in the SafeConsole Connection Token provided by your SafeConsole administrator.
    DataLocker Managed USB Lock Data Loss Prevention for Removable Storage -
fig8

  2. Select the desired language.
    Note: Changing from the default may require PortBlocker to be restarted.

  3. Check the EULA checkbox and click Connect.
    Any optionally enabled policies will appear at this point.
    •Unique User Token:
    DataLocker Managed USB Lock Data Loss Prevention for Removable Storage -
fig10•Administrator Registration Approval:
    DataLocker Managed USB Lock Data Loss Prevention for Removable Storage -
fig12

  4. PortBlocker will register the application and apply the appropriate policies. The client will show the Settings page by default.
    DataLocker Managed USB Lock Data Loss Prevention for Removable Storage -
fig13

Expected Behavior

A SafeConsole Admin can set policies that will match USB devices to one of three behaviors.
Blocked
When a device, which is set to Block, is inserted into the computer, the device will not be mounted. No data will be able to be transferred in this state. If configured, PortBlocker will display a notification indicating that the device was blocked.

DataLocker Managed USB Lock Data Loss Prevention for Removable Storage -
fig14

Read Only
When a device, which is set to Read Only, is inserted into the computer, the device will be mounted.
No data will not be able to be transferred to the device in this state. If configured, PortBlocker will display a notification indicating that the device is in read-only mode.

DataLocker Managed USB Lock Data Loss Prevention for Removable Storage -
fig16

Full Access
When a device, which is set to Full Access, is inserted into the computer, the device will be mounted like normal. No modifications will be made to limit data transfer. If configured, PortBlocker will display a notification indicating that the device was allowed.

DataLocker Managed USB Lock Data Loss Prevention for Removable Storage -
fig17

Note: Allowed event notifications will also be shown for all non-storage USB devices.

User Interface

Launching the PortBlocker client will allow interaction with PortBlocker, including managing optional settings.
Settings Tab
There are several options for configuring the settings on the PortBlocker client. The Settings page will be shown by default upon launching the PortBlocker client. If not already there, click on the Settings tab to access the available settings.

DataLocker Managed USB Lock Data Loss Prevention for Removable Storage -
fig19

Show Notifications
By checking the Show Notifications checkbox, you will see desktop notifications regarding the PortBlocker application. These notifications will show on your desktop, regardless if the client is open or not. Notifications are shown when a device is inserted into the user’s machine, with information regarding the status of the inserted device. Clicking on the notification will bring up the client.
This setting may be disabled by your SafeConsole Admin.
UI visible on system startup
The PortBlocker service launches automatically on startup, but the client does not. By checking the UI visible on the system startup checkbox, PortBlocker will appear minimized with a tray icon. If this setting is disabled, the tray icon will not be present unless a device is plugged in or the administrator issues a reset command.
Note: Disabling this option will not keep the PortBlocker application from running on the computer.
Enable debug logging
Checking the Enable debug logging option will write the application logs to the local machine for investigation. DataLocker Support may ask that you enable this for troubleshooting purposes.
Language
Allows changing the language of the PortBlocker User Interface.
Note: Changing from the default may require PortBlocker to be restarted.
Policy Updates
The policy will update when the Refresh icon is clicked. Automatic updates are applied every 10 minutes, even when the client is closed. If you wish to update the policy manually, click the Refresh icon at the top right.
To update the policy manually:

  1. Click the Settings tab on the client. PortBlocker opens the Settings page by default upon launch.
  2. Click the Refresh icon in the upper right-hand corner.
  3. PortBlocker will check for updates from the SafeConsole server and apply them.

About Tab
The About tab will show the technical details of the PortBlocker endpoint.

DataLocker Managed USB Lock Data Loss Prevention for Removable Storage -
fig20

The information includes the following:

  • SafeConsole URL that the client is registered to
  • Serial number of the client
  • Owner of the client
  • Version number
  • Driver version
  • Copyright information

A copy of this information can be provided to your administrator or to technical support during additional troubleshooting.
A link to the EULA is listed below the technical details.
Tray Icon
PortBlocker launches automatically on startup, displaying a tray icon. Clicking on the tray icon or selecting the application from the start menu will bring up the client.

Note: By checking the UI visible on the system startup checkbox on the Settings page, PortBlocker will appear minimized with a tray icon. If this setting is disabled, the tray icon will not be present unless a device is plugged in or the administrator issues a reset command.

Allowing Devices

To allow a specific device or a group of devices so that they can be used, please contact your SafeConsole administrator. They may ask you to send the technical details from the PortBlocker client to assist in allowing the device to be used. See the about Tab section for more information.

Updating PortBlocker

If automatic updates are enabled in SafeConsole, PortBlocker will notify the user if an updated version is available on startup. If an update is found, the user will be prompted to download and install the newest version. If PortBlocker is already registered to SafeConsole, the registration will be preserved.
Note: Installing the newest version of PortBlocker will require local admin access.
Uninstalling
To uninstall PortBlocker please contact your SafeConsole Administrator.

Troubleshooting

For help with PortBlocker, contact your SafeConsole administrator or visit the port locker Support Page.
Where Can I Get Help?
The following resources provide more information about DataLocker products. Please contact your
Help Desk or System Administrator if you have further questions.

NOTE: DataLocker is not liable for technical or editorial errors and/or omissions contained herein; nor for incidental or consequential damages resulting from the furnishing or use of this material. The information provided herein is subject to change without notice. The information contained in this document represents the current view of DataLocker on the issue discussed as of the date of publication. DataLocker cannot guarantee the accuracy of any information presented after the date of publication. This document is for information purposes only. DataLocker makes no warranties, expressed or implied, in this document. DataLocker and the DataLocker logo are trademarks of DataLocker Inc. and its subsidiaries. All other trademarks are the property of their respective owners.
Note: Changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.

DataLocker logo© Copyright DataLocker Inc.

References

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Related Manuals