Description: Currently, the Device Control module logs USB device connections (enable) with class IDs, but USB device removal events (unplug/disable) are not logged. For operational and security requirements, we need visibility into both device plug-in and device removal actions. Business Need / Use Case: Our organization employs call center staff who use USB headsets. To ensure service continuity and endpoint behavior monitoring, we must track when: USB headset is disconnected (intentionally or unintentionally) Any USB device is unplugged while the session is active This is important both for operational troubleshooting and policy enforcement. Requested Features: Log USB removal/unplug/disable events similar to connection events. Display those events within Device Control → Logs. Provide details such as Device class ID Device name Timestamp (remove event) Related endpoint Impact: Adding this feature will improve endpoint monitoring, help detect unwanted device removal, and enhance operational visibility for environments relying heavily on USB-based peripherals (e.g., call centers). We kindly request evaluation and development of this feature by the Product Management team.
