I don't see how this could be possible - a USB key and a cellphone which supports USB storage are exactly the same as far as the OS is concerned - both are simply Generic USB storage devices. The only difference is the vendor ID etc.
What exactly is your use case? I am confused as to why you'd want to allow USB sticks, but not allow USB storage phones etc?
Apple is a little different as it does not present itself as a generic USB storage device etc, but same question - why is a USB stick ok, but a phone, not?
Well, we have an USB rule that is already blocking USB as expected, but Mobile phones are not considered USB protection rule as they are considered plug and play. So What we need is a rule that can block all the mobiles phones without needs to put every Vendor ID. I have tested a plug and play rule setting up the Vendor ID and it is blocked but it is impossible definí for each provider (apple, Samsung) the Vendor id
The way we were able to get this to work was by creating a Device Definition with the below Parameters. When a device is plugged in to the system, in Device Manager you will see it under the Portable Devices category. You may need to create exception definitions (bluetooth, imaging devices, etc). You can then select these definitions as excluded to prevent them from being blocked in the rule.
Bus Type: USB
Device Class: Windows Portable Devices (screen shot inserted)
Also, keep in mind you may have some users that will need an exception, so you may need to have two rules, one rule to block and one rule to just monitor. Hope that helps.
I have done a quick test and it works perfect!! I need to test deeply but thank you very much for your big help
You're welcome. Happy to hear that it worked out for you.
I would suggest that you enforce the USB + WPD definition in Monitor for a period of time before blocking. Cameras and scanners will match the above definition as well.
Smart phones connect to the OS using a MTP protocol. If your intent is to protect sensitive data from being copied to Smart phones, in v9.3 MTP is supported by Removable Storage Protection rule.
This does not allow you to set the device as Read-Only though.