Cortex XDR – Unable to Assign Read/Write Permissions for Mobile Device (Detected as CD-ROM) in Permanent Exceptions


L0 Member

 

I am working on a Cortex XDR Device Control configuration and I need to allow a specific mobile device only for file transfer from the endpoint to the device, but I do not want to allow any data transfer from the mobile device back to the endpoint.

However, I noticed that the device is detected as a CD-ROM device type in Cortex XDR (1.ss). When I try to create a Permanent Device Exception, the Permission options (Read / Read + Write) are greyed out and I am unable to select any permission level (2.ss).

I also tried configuring this through the Extensions section, but the behavior is the same and I still cannot assign permissions (3.ss).

[Screenshot 1: MErkenci_4-1766488381566.png]

[Screenshot 2: MErkenci_5-1766488412968.png]

[Screenshot 3: MErkenci_0-1766488660359.png]

1 REPLY

L2 Linker

Hello @M.Erkenci 

Greetings for the day.

 

In Cortex XDR, the behavior you are observing regarding the greyed-out permission options for your mobile device is a product design limitation.

Why Permissions are Greyed Out:
The ability to select granular permissions (Read Only vs. Read/Write) is strictly limited to devices classified as Disk Drives. For other device types, including CD-ROM, Portable Devices, and Floppy Disks, the Cortex XDR Agent does not support granular permission settings.

Specifically:
* CD-ROM Exceptions: The "Permission" dropdown for CD-ROM devices is disabled by design. Historically, it defaulted to "Read/Write" (though some versions like 3.11 may show "Allow").
* Portable Devices: These devices also do not support granular permission selection in the exception UI.
* Official Limitation: Documentation explicitly states that the Permission selection is for "(Disk Drives only)".

File Transfer Directionality:
Your specific requirement to allow file transfers from the endpoint to the device (Write) while blocking data transfer from the device to the endpoint (Read) is currently not supported in Cortex XDR.

Device Control policies only allow configuring USB devices for:
1. Read Only: Allows transfer from device to host, but blocks host to device.
2. Read/Write: Allows transfer in both directions.
3. Block: Blocks all interaction.

The reverse granular control (allowing Write but blocking Read) is a known functional limitation.

Why the Mobile Device is Detected as CD-ROM:
Mobile devices often use MTP (Media Transfer Protocol) or PTP (Picture Transfer Protocol). In many cases, these devices also present a virtual CD-ROM drive to the operating system containing driver installation software. This causes them to be categorized under the CD-ROM or Portable Devices classes rather than "Disk Drives," which further restricts your ability to apply granular permissions.


If this functionality is critical for your compliance needs, you may need to reach out to your account team to submit a Feature Request (e.g., referencing similar requests like CXDR-I-893).


If you feel this has answered your query, please let us know by clicking Like and "Mark this as a Solution".

Thanks & Regards,
S. Subashkar Sekar
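
To see on the endpoint which device classes a connected phone actually exposes, the following PowerShell lists present devices by class and USB ID. It is an added example, not part of the reply above and not Palo Alto code. The mapping from Windows setup class names to Cortex XDR device types is an assumption; the "granular permission" column only restates the reply's statement that Read versus Read/Write is selectable for Disk Drives alone.

```powershell
# Added example: run in Windows PowerShell on the endpoint with the phone plugged in.
# Uses the built-in PnpDevice module (Get-PnpDevice, Get-PnpDeviceProperty).

# Assumption: Windows setup class name -> Cortex XDR Device Control type.
$xdrType = @{
    DiskDrive  = 'Disk Drives'
    CDROM      = 'CD-ROM'
    WPD        = 'Portable Devices'
    FloppyDisk = 'Floppy Disks'
}

$devices = Get-PnpDevice -PresentOnly -Class ([string[]]$xdrType.Keys) -ErrorAction SilentlyContinue

$rows = foreach ($dev in $devices) {
    # The parent node usually carries the USB VID/PID when the child is a
    # USBSTOR (mass storage / virtual CD-ROM) instance.
    $parent = (Get-PnpDeviceProperty -InstanceId $dev.InstanceId `
                   -KeyName 'DEVPKEY_Device_Parent' -ErrorAction SilentlyContinue).Data

    $usbId = if ("$($dev.InstanceId) $parent" -match 'VID_([0-9A-F]{4})&PID_([0-9A-F]{4})') {
        '{0}:{1}' -f $Matches[1], $Matches[2]
    } else {
        'non-USB'
    }

    [pscustomobject]@{
        UsbId              = $usbId
        WindowsClass       = $dev.Class
        XdrType            = $xdrType[$dev.Class]
        GranularPermission = ($dev.Class -eq 'DiskDrive')   # per the reply: Disk Drives only
        FriendlyName       = $dev.FriendlyName
        InstanceId         = $dev.InstanceId
    }
}

# One group per physical USB device: a phone that shows up under CD-ROM and/or
# Portable Devices but never under Disk Drives has no Read vs. Read/Write choice.
$rows | Sort-Object UsbId, XdrType |
    Format-Table -GroupBy UsbId WindowsClass, XdrType, GranularPermission, FriendlyName -AutoSize

# USB IDs for which no node is a Disk Drive
$rows | Group-Object UsbId |
    Where-Object { $_.Name -ne 'non-USB' -and -not ($_.Group.GranularPermission -contains $true) } |
    Select-Object @{ n = 'UsbId'; e = { $_.Name } },
                  @{ n = 'Classes'; e = { ($_.Group.WindowsClass | Sort-Object -Unique) -join ', ' } }
```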
