Environment
- Carbon Black Cloud Console: November '20 Release (0.60) and Higher
- Endpoint Standard Sensor: 3.6.0.1897 and Higher
- Microsoft Windows: All Supported Versions
Objective
Identify a Supported Device for Device Control?
Resolution
To verify if the OS has identified the USB device as a mass storage device (DiskDrive) perform the following steps
- Open the windows registry editor by running regedit.exe
- Go to the registry key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR
- Identify the USB device plugged in by its expected Class, Vendor, and Product Name
NOTE: If the usb device is not found in this registry key, the OS has not identified it as being a USB mass storage device (USB Disk Drive).
- Expand the device of interest and select the alphanumeric key (Windows devices UID)
- Confirm the ClassGUID matches {4d36e967-e325-11ce-bfc1-08002be10318}
- Validate the sensor recognizes the registered external device
- Open a command prompt as Administrator
- Change directory to C:\Program Files\Confer
- Run: repcli device all
- Look for the following in the output:
- Device Info: Device Type [Disk]
- Interface Tyle [USB]
Additional Notes
- Device Control refers to USB, SCSI, etc. as the Interface Type. Currently USB (DiskDrive) is the only supported Interface Type for Device Control.
- All other USB devices will be found under: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB
Related Content
