Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Cortex XDR _USB Blocking Levels

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cortex XDR _USB Blocking Levels

L1 Bithead

Hello,

 

Please let me understand the levels of usb blocking in the edr policy.

If the access is blocked does it allow printers, Charging smartphones, Other utilities like Cameras etc. 

 

Thanks in advance.

1 accepted solution

Accepted Solutions

L4 Transporter

Hello @Seth_Sakshi ,

 

Thanks for reaching out on LiveCommunity!

By default XDR allow you to control access for following device types:

Disk Drives (Block/Allow/Read Only)

CD-ROM Drives (Block/Allow)

Windows Portable Devices (Block/Allow)

Floppy Disk Drives (Block/Allow)

 

Apart from above devices classes, XDR also allow you to define custom device classes. When you create a custom device class, you must supply Cortex XDR the official ClassGuid identifier used by Microsoft. In this way you can control access for new device classes like printer, camera etc.

Please follow below link to define new device class.

https://docs-cortex.paloaltonetworks.com/r/nnVkSO1wKch8BsAwIvVNXg/lobX4efKM4a41mH~GQr0hg?section=UUI...

 

 

Please click Accept as Solution to acknowledge that the answer to your question has been provided.

 

View solution in original post

2 REPLIES 2

L4 Transporter

Hello @Seth_Sakshi ,

 

Thanks for reaching out on LiveCommunity!

By default XDR allow you to control access for following device types:

Disk Drives (Block/Allow/Read Only)

CD-ROM Drives (Block/Allow)

Windows Portable Devices (Block/Allow)

Floppy Disk Drives (Block/Allow)

 

Apart from above devices classes, XDR also allow you to define custom device classes. When you create a custom device class, you must supply Cortex XDR the official ClassGuid identifier used by Microsoft. In this way you can control access for new device classes like printer, camera etc.

Please follow below link to define new device class.

https://docs-cortex.paloaltonetworks.com/r/nnVkSO1wKch8BsAwIvVNXg/lobX4efKM4a41mH~GQr0hg?section=UUI...

 

 

Please click Accept as Solution to acknowledge that the answer to your question has been provided.

 

L1 Bithead

Hello @nsinghvirk ,

 

Thanks for the solution.

 

Can you please tell which device class be used for enabling the USB access only for digital signature dongle?

Or Is there any other way by which we can allow only the use of digital signature dongle and block the access for rest of the use?

 

Thanks in advance.

 

Regards,

Sakshi Seth

  • 1 accepted solution
  • 1662 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!