- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-21-2025 02:31 AM
Hi,
We have a cortex XDR installed in our network that will block all the storage devices. Also, we have the restriction to access internet sites through firewall.
However, recently i came across an incident that one user connecting his own router using Ethernet to USB type C cable converter to access all the blocked websites within the organization. Is there a way to block the external router using XDR ?
Note : When he try to connect storage devices i am getting security violation log that its blocked. But when he connect router i am not getting any logs.
Could anyone suggest me on this pls.
01-21-2025 09:15 AM
Hi,
Thanks for reaching out Live Community.
You can try adding a custom device class so you can enforce any device controls rules, you can find more information on the link below:
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Device-control
If this post answers your inquiry please mark it as solution.
01-21-2025 09:46 PM
I have created a new custom device violation in device management with the GUID (Moderm) and added the custom devices type in profile.
That could solve the issue ?
Modem | Modem | 4d36e96d-e325-11ce-bfc1-08002be10318 |
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!