Delete USB history (regedit) with script-CodePudding

I have a javascript and Powershell script allowing to detect a usb plug, and which shows me a pop up. Indeed, my script only detects new usb keys that have not yet been plugged into the system. That's why I would like to delete the usb key history from my computer, like USB OBLIVION does, in order to have as a new connection to each usb plug.

I don't see what I need to add to my script... I have already tried deleting the content of:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB

Thanks

CodePudding user response：

You could try these, but don't forget to wipe the from them other 3 paths as well

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SWD\WPDBUSENUM HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Portable Devices\Devices\

CodePudding user response：

You could also consider using WMI Event subscriptions, this works whatever the usb key is already known or not, but do not clear the registry :

to detect usb plug :

Register-CIMIndicationEvent –Query `
   "Select * From __InstanceCreationEvent Within 1 Where TargetInstance IsA 'Win32_LogicalDisk'" `
   –SourceIdentifier "WMIInsert" –Action { Write-Host `
   "$($Event.SourceEventArgs.NewEvent.TargetInstance.Name) plugged!`n" }

to detect usb ejection :

Register-CIMIndicationEvent –Query `
   "Select * From __InstanceDeletionEvent Within 1 Where TargetInstance IsA 'Win32_LogicalDisk'" `
   –SourceIdentifier "WMIEject" –Action { Write-Host `
   "$($Event.SourceEventArgs.NewEvent.TargetInstance.Name) ejected!`n" }

Within 1 means to detect every one second. Depending on your needs, you can configure Within 30 for example to look it for every 30 seconds (every plug or ejection in the meantime are captured as well).

the -Action parameter let you do whatever you want since this is a scriptblock (In the example I provided the event is only displayed to the console).

And do not forget that StackOverflow is not a free coding service, so next time, please share the piece of code where you have got a problem or a bug.