Some viruses modify the firmware of USB devices so that the operating system recognizes the USB device as a keyboard. As a result, the virus can execute commands under your user account, for example, to download malware.
The BadUSB Attack Prevention protection component allows preventing the connection of infected USB devices that imitate a keyboard to the device.
When a USB device identified by the operating system as a keyboard is connected to the device, the application prompts the user to enter a numeric code generated by the application from the newly connected keyboard or using the on-screen keyboard (if available). This procedure is called keyboard authorization.
If the code is entered correctly, the application saves the identification parameters, that is, the VID/PID of the keyboard and the port number to which it is connected, in the list of authorized keyboards. This keyboard will not need to be authorized again if it is reconnected or if the operating system is restarted.
When an authorized keyboard is connected to a different USB port of the device, the application requires it to be authorized again.
If the numeric code is entered incorrectly, the application generates a new code. You can configure the number of attempts to enter the authorization code. If the numeric code is entered incorrectly multiple times or the keyboard authorization window is closed, the application blocks input from this keyboard. When the USB device block timeout expires or the operating system is restarted, the application prompts the user to authorize the keyboard again.
The application allows an authorized keyboard and blocks an unauthorized keyboard.
By default, the BadUSB Attack Prevention protection component is disabled. You can enable, disable, or configure BadUSB Attack Prevention using the Web Console, Administration Console, and the command line.