Endpoint device USB Lockdown

Coro's USB Lockdown device policy blocks USB drives on macOS and Windows devices. Use the USB Lockdown device policy to:

  • Block portable devices: (Windows devices only) USB-connected mobile devices.
  • Block mass storage devices: (macOS and Windows devices) USB-connected flash drives or USB external hard drives.
  • Allow specific USB devices by serial number: (macOS and Windows devices) Allowlisted devices remain accessible when all other USB devices are blocked.

Important: Coro does not trigger Endpoint Security tickets for this policy type because it directly enforces functionality on affected devices.

Locking USB drives on a device enforces security policies and reduces risk in several areas:

  • Reduced attack surface: Limits USB access to lower the number of potential entry points for malware.
  • Malware prevention: Blocks USB drives that may contain malware. Malware can spread in several ways:
    • Malware distribution: Infected USB drives can spread malware when connected to a device. Blocking USB drives prevents this type of distribution.
    • Automated malware execution: Some malware executes automatically when a USB drive is inserted. Blocking USB drives prevents this execution.
    • Zero-day exploits: USB-related vulnerabilities can be used by malware. Blocking USB drives reduces exposure to these vulnerabilities.
    • Insider threat mitigation: Blocking USB drives reduces the risk of unauthorized devices being used by employees to introduce malware.

Creating a new USB Lockdown policy

To create a new USB Lockdown policy:

  1. Access the Device Posture page.
  2. Select + ADD.

  3. Select Add to Windows or Add to macOS.

    Coro displays the Add new device policy dialog.

  4. Select USB Lockdown from the Select policy type dropdown.

  5. Configure the Action:
    • Block portable devices.
    • Block mass storage devices.

    Note: Block portable devices and Block mass storage devices are supported on Windows devices. Only Block mass storage devices is supported on macOS devices.

  6. (Optional) To add a USB device to the allowlist, select + Add USB device.

  7. Enter the following USB device information:
    • Serial number: Enter the serial number of the USB device.
    • Description: (Optional) Enter a description for the USB device.

    Note: You can add multiple USB devices to the allowlist.

  8. Enter device labels in the Labels field to assign the policy to specific groups of devices.

  9. Select SAVE.

    Coro creates the policy with the configured settings.

  10. Select the USB Lockdown dropdown to view the policy.

    Coro displays the following policy details:

    • Device labels applicable to the policy.
    • The action(s) applicable to the policy, for example, Block portable devices.
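
Step 7 asks for the serial number of each allowlisted USB device. The Python sketch below is an added example, not Coro's code or tooling: it parses Windows USBSTOR device instance IDs (the form shown in the InstanceId field of PowerShell's Get-PnpDevice) and separates devices that report a hardware serial from those where Windows generated the identifier because the device reports none. The sample IDs are constructed, and it is an assumption that the serial Coro matches is the one Windows exposes in this field.

```python
import re

# Constructed sample instance IDs in the form Windows uses for USB mass
# storage devices. These are illustrative values, not real devices.
SAMPLE_INSTANCE_IDS = [
    r"USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.26\4C530001230115112345&0",
    r"USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\6&1A2B3C4D&0",
    r"USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP\E0D55EA573F1F4A0C9B20E11&0",
    r"USB\VID_0781&PID_5567\4C530001230115112345",  # not a USBSTOR ID: skipped
]

_USBSTOR = re.compile(
    r"^USBSTOR\\(?P<type>[^&\\]+)&Ven_(?P<vendor>[^&\\]*)&Prod_(?P<product>[^&\\]*)"
    r"&Rev_(?P<rev>[^\\]*)\\(?P<instance>[^\\]+)$",
    re.IGNORECASE,
)

def parse_usbstor(instance_id):
    """Return a dict describing a USBSTOR instance ID, or None if it is not one."""
    m = _USBSTOR.match(instance_id.strip())
    if not m:
        return None
    instance = m.group("instance")
    # A '&' as the second character means Windows generated the ID because
    # the device reports no serial number; it is not a hardware identifier.
    os_generated = len(instance) > 1 and instance[1] == "&"
    # A hardware serial is followed by an '&<n>' instance suffix; drop it.
    serial = None if os_generated else instance.rsplit("&", 1)[0]
    return {
        "vendor": m.group("vendor").replace("_", " ").strip(),
        "product": m.group("product").replace("_", " ").strip(),
        "serial": serial,
        "os_generated": os_generated,
    }

def allowlist_candidates(instance_ids):
    """Split devices into (entries with a serial, devices lacking a hardware serial)."""
    usable, rejected = [], []
    for raw in instance_ids:
        dev = parse_usbstor(raw)
        if dev is None:
            continue
        (rejected if dev["os_generated"] else usable).append(dev)
    return usable, rejected

if __name__ == "__main__":
    ok, bad = allowlist_candidates(SAMPLE_INSTANCE_IDS)
    for d in ok + bad:
        print(d["serial"] or "NO HARDWARE SERIAL", d["vendor"], d["product"], sep="\t")
```

Devices in the second group have no stable serial to enter in the allowlist, so they are worth identifying before users report a blocked drive.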

Managing USB Lockdown policies

Use the three-dot menu of a configured USB Lockdown policy to:

  • Edit Policy: Modify the configuration settings of the policy.
  • Delete Policy: Remove the policy.