Endpoint device USB Lockdown

USB drives on an endpoint device can be locked. Blocking of USB devices is governed by a device policy. You can use the USB Lockdown device policy to:

  • Block portable devices: USB-connected mobile devices.

  • Block mass storage devices: USB flash drives or USB external hard drives.

Note

The USB Lockdown device policy is supported on both Windows and macOS devices. Block portable devices and Block mass storage devices are supported on Windows devices. Block mass storage devices is supported for macOS devices.

Locking USB drives on a device offers several benefits, primarily focused on enhancing security and data protection:

  • Reduced attack surface: Limiting USB usage reduces the attack surface, simplifying the security landscape and allowing organizations to focus on other critical areas of defense against malware.

  • Malware prevention: Safeguards against malware spread via infected USB drives, lowering the risk of infecting your device or network. Blocking USB devices addresses the following:

    • Malware distribution: Malicious software can easily spread via infected USB drives when plugged into a device. Blocking USB devices reduces the chances of malware being introduced through these means, protecting the network from potential infections.

    • Automated malware execution: Some malware is designed to execute automatically when a USB drive is inserted into a device. Blocking USB devices prevents this automatic execution, giving security teams more time to analyze and respond to potential threats.

    • Zero-day exploits: Malware can target USB-related vulnerabilities, including zero-day vulnerabilities. Blocking USB devices can mitigate the risk associated with such vulnerabilities, reducing the potential for malware attacks.

    • Insider threat mitigation: Blocking USB devices helps mitigate insider threats where employees with malicious intent attempt to introduce malware via portable storage devices. This proactive measure reduces the risk of internal attacks.

Creating a new USB Lockdown policy

To create a new USB Lockdown policy:

  1. From the Device Posture tab, select + ADD:

    Add new device posture policy

  2. Select Add to Windows or Add to macOS.

    The Add new device policy dialog appears.

  3. Select USB Lockdown from the Select policy type dropdown.

    New USB Lockdown policy dialog

  4. Configure the Action:

    • Block portable devices

    • Block mass storage devices

    Note

    Block portable devices and Block mass storage devices are supported on Windows devices. Block mass storage devices is supported on macOS devices.

  5. To apply the new policy to specific groups of devices, enter label names (predefined or custom) in the Labels field under Apply policy to devices with these labels.

    Apply device policy labels

  6. Select SAVE.

    The policy is created with the configured settings.

View the policy by selecting the dropdown next to USB Lockdown on the Device Posture tab. See: Device posture configuration overview.

The following policy details are displayed:

  • Device labels applicable to the policy.

  • The action(s) applicable to the policy, for example, Block portable devices.

View USB Lockdown policy