09-14-2022 08:23 AM
Hi @maksymilianjan ,
Is this a Windows device you are trying to block the device on?
As you have noticed, a smartphone connected to a PC can have multiple device classes depending on what functionality is being utilized. In the case of file transfers, those can easily be blocked if the device is categorized as one of the default device classes supported by Cortex XDR and a Device Management profile is applied to the endpoint and set to block that device class. In the case of network tethering, the device class is probably something different.
For Windows, by default Cortex XDR will allow you to act on Disk Drives, CD-ROM Drives, Floppy Disk Drives, or Windows Portable Devices; however, you can also add custom device classes.
To create a custom device class, you will need to reference this document from Microsoft which lists all of the device classes in the OS: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/system-defined-device-setup-classe...
Copy the ClassGuid for the category of devices you would like to control from Cortex XDR - the class could vary depending on the vendor and model of device used, but you can check Device Manager on the endpoint to help with identifying the device class in this case of the tethered smartphone connection.
To add the device class to Cortex XDR, go to Endpoints>Policy Management>Settings>Device Management and then select "New Device" - this is where you will paste the ClassGuid value and specify a name. After you save the entry, this will become a device class you can manage through your Device Configuration profile.
There will be a dropdown menu under the "Custom Device Types" heading where you can select any device classes you've added into Cortex XDR:
I would use extreme caution with this approach, however, in this particular use case, as tethered connections will often be considered Network Adapters. In that case, you probably wouldn't want to block all network adapters across your endpoints.
Regards,
Tim
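
The following is an added example, not part of the original reply and not Palo Alto Networks code. It reads the ClassGuid of the tethered phone with the built-in `Get-PnpDevice` cmdlet and lists every other present device in the same class, so you can see what a block on that class would also affect before adding it to Cortex XDR. The `$NamePattern` default is a hypothetical value; replace it with text that matches the phone's name as shown in Device Manager.

```powershell
# Added example. Assumption: the phone's friendly name matches $NamePattern.
param(
    [string]$NamePattern = '*Android*'   # hypothetical pattern, adjust per device
)

# Every PnP device currently present on this endpoint
$present = @(Get-PnpDevice -PresentOnly)

# Device nodes that belong to the connected phone (one phone can expose several)
$phone = @($present | Where-Object { $_.FriendlyName -like $NamePattern })
if ($phone.Count -eq 0) {
    Write-Warning "No present device matches '$NamePattern'. Connect the phone and enable tethering first."
    return
}

# For each setup class the phone appears under, report the GUID to paste into
# Cortex XDR and the other devices that share that class on this machine.
$phone | Group-Object -Property ClassGuid | ForEach-Object {
    $guid   = $_.Name
    $others = @($present | Where-Object {
        $_.ClassGuid -eq $guid -and $_.InstanceId -notin $phone.InstanceId
    })

    [pscustomobject]@{
        Class               = $_.Group[0].Class
        ClassGuid           = $guid
        PhoneDevices        = ($_.Group.FriendlyName | Sort-Object -Unique) -join '; '
        OtherDevicesInClass = $others.Count
        OtherDeviceNames    = ($others.FriendlyName | Sort-Object -Unique) -join '; '
    }
} | Format-List
```

A non-zero `OtherDevicesInClass` for the tethering entry means a block on that ClassGuid would also apply to the devices named in `OtherDeviceNames`.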