logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: "uDisk" USB devices experience serial number corruption (changing, unusual characters, entirely missing) that prohibit USB approval process via serial numbers.

Carbon Black Cloud: "uDisk" USB devices experience serial number corruption (changing, unusual characters, entirely missing) that prohibit USB approval process via serial numbers.

Environment

  • Carbon Black Cloud Sensors: All versions
  • Carbon Black Cloud Console: All versions
  • Sensor Operating Systems: All versions
  • "USB" devices: uDisk

Symptoms

  1. Inventory -> USB DEVICES lists devices with the PRODUCT value "uDisk" 
  2. The SERIAL NUMBER is either missing, or has unusual characters like Љ <- Љ ‎(upper case, lower case љ ... the fourteenth letter of the Serbo-Croatian Cyrillic alphabet)
  3. The SERIAL NUMBER may change after ejecting and reinserting.

Resolution

The "uDisk" designation is a sign of a problem between the device and the Operating System (e.g. occurs without the Carbon Black Cloud sensor in the picture)

From this article

"If your USB flash drive mounts as a UDISK on your computer, it means it’s a bad USB drive with firmware that doesn’t match the memory type and controller combination. The drive is saying it’s using flash memory, when in reality it’s just a small hard drive. Without the correct firmware in the controller, the USB stick is unstable and the operating system tips users about the problem by calling it a UDISK."

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎03-15-2023
Views:
1605
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.