Skip to main content

USB Host Whitelisting

USB host whitelisting is a security measure used to control and restrict the types of USB devices that can connect to a computer or network. By maintaining a whitelist, only approved and trusted devices are allowed access, thereby reducing the risk of unauthorized devices causing harm or accessing sensitive data.

There are two primary USB operational modes: USB Host and USB Client (or Device) mode. A device operating in Host mode manages the communication, provides power and initiate data transfers to connected USB devices. USB Client mode refers to the devices (often referred to as peripherals) that connect to a USB Host. In Client mode, the device waits for commands from the Host and responds accordingly, sending data when requested or receiving and processing data sent by the Host.

Tap Datalogic Settings > USB to open the USB settings main page.

Access

Slide the USB client data toggle to enable/disable the USB client mode. Your device won't be recognized by the Host PC.

Slide the USB host data toggle to enable/disable the USB Host mode. Your device won't detect any peripherals.

Tap Datalogic Settings > USB > USB host whitelisting to open the USB host whitelisting main page.

For USB host mode, you can create a list of approved USB devices that are allowed to connect to your device even if USB host data is set to OFF.

Tap Datalogic Settings > USB > USB host whitelisting to open the USB host whitelisting main page and display or edit this list.

Home

The list in the main page shows the whitelisted devices and the connected devices (if USB host data is enabled).

Tap Filter by to select the filter criteria:

  • Whitelisted only - display only whitelisted devices
  • Not whitelisted - display only connected devices
  • All devices - display both whitelisted and connected devices.

Tap the + button at the right bottom of the screen to add a device.

For each device in the list, the following details are shown:

  • ID - device ID, displayed as "Vid(Vendor ID):Pid(Product ID)"
  • Name
  • Description
  • Persistence - indicates the persistence of the device's whitelist in memory
  • Connection icon - shows the connection status (connected/disconnected).

The persistence levels are the following, in ascending order:

  • Reboot - Persistence only at reboot. Objects with this level of persistence will be deleted only after a reset or an espresso package installation
  • Enterprise reset - Persistence at enterprise reset. Objects with this level of persistence will be deleted after only a factory reset or an espresso package installation
  • Factory reset - Persistence at factory reset. Objects with this level of persistence will be deleted after an espresso package installation
  • Default - Objects with this level of persistence cannot be deleted.

Devices added via Configuration Manager or Datalogic Settings have always Reboot as level of persistence. To edit the lists with persistence levels Enterprise reset or Factory reset, an espresso package is needed. Devices with level of persistence Default can only be displayed.

How to add/edit a connected device

To add a connected device to a whitelist (persistence level: Reboot) tap the + icon. A popup appears where you can enter the Name and the Description of the device you want to add. Vid and Pid are not editable.

AddDevice

Once a connected device is added to a whitelist, the Usb host whitelisting screen will display the new name and description, the persistence level, the Edit icon and the Delete icon.

Tap the Edit icon to change the Name and the Description of the whitelisted device. Vid and Pid are not editable.

Tap the Delete icon to remove the device from the whitelist.

EditDevice

note

Name and Description are merely descriptive and can be changed at any time if the level of persistence is Reboot.

How to add a not connected device

Tap the + button at the right bottom of the screen to add a device to a whitelist, even if it is not connected.

A popup appears asking to enter valid Vid and Pid numbers. Vid and Pid are always in hexadecimal format between 0x0000 and 0xFFFF.

Name and Description are optional.

Once the device is added to a whitelist, its details will be displayed in the Usb host whitelisting screen.

AddDeviceNotConnected

Important

A peripheral device can only be added to one whitelist. To add it to a different whitelist, you need to remove it from the current one. Since devices added to whitelists with persistence levels Enterprise reset, Factory reset or Default cannot be edited, they cannot be moved to a Reboot whitelist via Configuration Manager or Datalogic Settings.