Atomus Aegis
      Back to home
      1. Home
      2. Atomus Aegis

      USB Whitelisting

      A guide to the Atomus controlled USB access product (available for MacOS and Windows devices)

      Don't see this feature in your Aegis application? Reach out to customer success to learn more today.

      Feature Onboarding

      Once the USB whitelisting feature is enabled in your organization, access to all USB devices will be disabled by default. Users will need to go through the request and approval process to get access to each USB device that they want to use on their respective platform (MacOS or Windows).

      Aegis Application

      Requesting access to a USB device

      1. Open the USBs section in the Aegis application by clicking the arrow icon.

      2. Plug in a USB device and click "Request" to send a request to your organization's administrator.

      Note: you may see the "Device Control" popup (on MacOS) or "Device Access Restricted" notification (on Windows) showing that the device is blocked. Safely close the notice message and open the Aegis Application to request access for the USB device.

      3. When a request is sent, your administrator will receive an email to respond to the request. Once the USB device is approved by an administrator, it may take up to an hour until it becomes available on your device. You will see a green checkmark next to the device in the Aegis application.

      Monitoring a device's status

      A USB device in the Aegis application may show any of the following statuses:

      • Approved - your access request has been approved and the USB device is available on your machine.
      • Declined - your access request has been declined and the USB device is not available on your machine. You can re-request the device if needed.
      • Pending - your access request has been sent to the administrator but they have not approved nor declined it yet. You can send a reminder to your administrator by clicking the "Nudge" button.
      • AwaitingSync - access to a USB device has been approved, and the access settings have not been applied to your device yet. See troubleshooting tips below if the USB device sits in this state for longer than one hour.

      Troubleshooting: our administrator approved a device, why is it in the AwaitingSync state?

      This feature relies on Microsoft Intune which requires stable internet connection. If the device hasn't synced within one hour, follow these steps to forcefully-apply the latest settings on Windows or MacOS.

      What if I don't have internet?

      Without stable internet connection, you will still be able to use any USB devices that were previously approved by an administrator.

      In the Aegis Application you will be able to see any cached access requests that you have sent as well as all currently plugged in USB devices. You will not be able to send access requests and any administrator-approved requests will not sync until you are back online.

      For Administrators: Atomus Security Dashboard

      Approving or declining an access request

      1. From the Atomus Security Dashboard, click on the "Usbs" tab.

      2. Click into MacOS or Windows to expand the requests that have been made by users on that platform. Hover over the "Requesting Users" badge to see which employees have requested to use a device.

      3. Click "Approve" to allow or "Block" to decline access to the USB device. Note: any changes made will apply to all devices for the indicated operating system (MacOS or Windows) in the organization.

      4. Once approved, the USB device will be available for all internet-connected and domain joined devices on that operating system (i.e. MacOS or Windows) within one hour.