If you have used Secured eUSB for a long time and for some reason you want to change the SEP-server address that Secured eUSB sends its logs to and listens to for Kill-Pill commands.
There might be many reasons for this, but one example could be that you are moving your SEP-server to another place in your network.
The design of Secured eUSB is to be "autonomous entities", meaning that they are stand-alone clients within your SEP-security eco-system. They are not designed to be altered remotely, just sending logs and be prepared to wipe themselves or lock-down if the Kill-Pill command has been sent.
How to change the SEP-server address for Secured eUSBs:
1.Make sure that you have set a new SEP server address
Before moving the SEP-server make sure that you have set a new SEP-server address in the policy in SEP MC (Management Console). Go to: Policies/Editor/SEP Settings/Other and specify the SEP Server URLs:
2. SEP client version 5.0.38 or newer
Next step is to make sure that all your SEP-clients are in version 5.0.38 (release notes) or newer.
3. Upgrade the Secured eUSB - 2 options
For the Secured eUSB to get updated to 5.0.38 or higher there are 2 options: Automatically or manual update of the Secured eUSB. As with everything in SEP this is based on your policy:
- 3.1 Automatic update of the Secured eUSB: go to SEP MC. Policies/Editor tab/Application Settings/Secured eUSB/Other and tick the box: Secured eUSB AUto Upgrade Options and tick Automatically upgrade to latest version
Once the user plugs in the usb a screen appears asking user to confirm the upgrade:
Once user clicks yes the device begins upgrading:
Once done a confirmation appears:
- 3.2 Manual update of Secured eUSB in the SEP-client. Open the SEP-client (right click on systray, settings): Application settings/Secured eUSB/Deployment and clicking on Upgrade eUSB device. (This can also be done by rightclicking on the Secured eUSB in Windows explorer)
4. Verify that your users have upgraded
To verify that your users have upgraded their "Secured eUSB client" go to the logs. In SEP MC, go to: Administration/Auditcenter and select only Secured eUSB Events. You can note that the "client version tab" should state Secured eUSB 184.108.40.206. Be sure to not confuse the Client version with the actual SEP-Client version - see image below.
Once this is done you can now go through that all your Secured eUSBs has been upgraded and alco compare with the actual active Secured eUSBs
With this process in place,you do not have to "re-encrypt" your Secured eUSBs, you simply just upgrade them.