Configuring BadUSB Attack Prevention on the command line

On the command line, you can also manage BadUSB Attack Prevention using the BadUSB Attack Prevention predefined task (Bad_USB).

The BadUSB Attack Prevention task is not started by default. You can start and stop this task manually.

Administrator role privileges are required to start and stop the BadUSB Attack Prevention task from the command line.

You can manage BadUSB Attack Prevention settings by editing the settings of the BadUSB Attack Prevention predefined task.

The following table describes available values and default values of settings that you can specify for the BadUSB Attack Prevention task.

BadUSB Attack Prevention task settings

Setting	Description	Values
`MaxAuthAttempts`	Maximum number of USB device authorization attempts after which the application blocks the USB device and further attempts to authorize the USB device for the duration specified in the `TimeoutAfterAttempts` parameter.	Possible values: 1 to 10 Default value: 5.
`TimeoutAfterAttempts`	USB device blocking duration after `MaxAuthAttempts` unsuccessful attempts to enter an authorization code.	Possible values: 1 to 180 minutes. Default value: 5 minutes.
`ProhibitOnScreenKeyboard`	Prohibit or allow the on-screen keyboard for authorizing USB devices.	If `Yes`, the application does not allow using the on-screen keyboard for keyboard authorization of a USB device that cannot be used to enter an authorization code. If `No`, the application allows using the on-screen keyboard for keyboard authorization of a USB device that cannot be used to enter an authorization code.

Setting

Description

Values

MaxAuthAttempts

Maximum number of USB device authorization attempts after which the application blocks the USB device and further attempts to authorize the USB device for the duration specified in the TimeoutAfterAttempts parameter.

Possible values: 1 to 10

Default value: 5.

TimeoutAfterAttempts

USB device blocking duration after MaxAuthAttempts unsuccessful attempts to enter an authorization code.

Possible values: 1 to 180 minutes. Default value: 5 minutes.

ProhibitOnScreenKeyboard

Prohibit or allow the on-screen keyboard for authorizing USB devices.

If Yes, the application does not allow using the on-screen keyboard for keyboard authorization of a USB device that cannot be used to enter an authorization code.

If No, the application allows using the on-screen keyboard for keyboard authorization of a USB device that cannot be used to enter an authorization code.

Page top