Protect your Windows and macOS-based endpoints from connecting to malicious USB-connected removable devices, to Bluetooth devices, and to print jobs.
By default, all external USB and Bluetooth devices are allowed to connect to your Windows and macOS-based Cortex XDR endpoints, and all print jobs are allowed. To protect endpoints from connecting to removable devices, such as disk drives, CD-ROM drives, floppy disk drives, Bluetooth devices, and other portable devices, that can contain malicious files, Cortex XDR provides device control. Different types of print jobs can also be blocked.
Using device control, you can:
- (Windows and macOS) Block all supported USB-connected devices for an endpoint group.
- (Windows and macOS) Block a USB device type, but add a specific vendor from that list to your allow list so that it remains accessible from the endpoint.
- (Windows only) Block connections to Classic Bluetooth devices or Low Energy Bluetooth services. These are two different Bluetooth protocols used for short-range wireless connections.
  - Some examples of Classic Bluetooth devices include: laptop computers, tablets, telephones, audio/video devices, wearables, peripherals, imaging devices, health devices, toys, and so on.
  - Some examples of Low Energy Bluetooth devices include: telephone alert status, microphone control, health sensors, insulin delivery, location and navigation, object transfer, and so on.
- Temporarily block only some device types on an endpoint.
  - USB devices (Windows and macOS)
  - Bluetooth devices (Windows only)
- (Windows and macOS) Block some, or all, print jobs to local or network printers, or to file.
Note
Depending on your defined user scope permissions, creating device profiles, policies, exceptions, and violations may be disabled.
The following are prerequisites to enforce device control policy rules on your endpoints:
Platform | Prerequisites |
---|---|
Windows | For VDI: |
Mac | No prerequisites |
Linux | Not supported |
Android | Not supported |
iOS | Not supported |
The following limitations apply to device control on your endpoints:
Platform | Device Type | Limitation |
---|---|---|
Windows | VDI | |
Windows | Bluetooth | |
macOS | - | No limitations |
Linux | - | Not supported |
Android | - | Not supported |
iOS | - | Not supported |
Device control profiles
To apply device control in your organization, define device control profiles that determine which device types Cortex XDR blocks, and which it permits. There are two types of profiles:
Profile | Description |
---|---|
Configuration Profile | Allow or block these device type groups: Note: Add a new configuration profile. The Cortex XDR agent relies on the device class assigned by the operating system. For Windows endpoints only, you can configure additional device classes. |
Exceptions Profile | Allow specific devices according to device types and vendor. You can further specify a specific product and/or product serial number. |
Device Configuration and Device Exceptions profiles are configured for each operating system separately. After you configure a device control profile, apply device control profiles to your endpoints.
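
A small model of how a configuration profile and an exceptions profile combine into one verdict per device, added here as an illustration (it is not Cortex XDR code or its API). The device type names, vendors, products and serial numbers are constructed, and the model assumes that a matching exception overrides a block on that device type:

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Device:
    device_type: str   # device class reported by the operating system
    vendor: str
    product: str
    serial: str


@dataclass(frozen=True)
class ExceptionRule:
    device_type: str
    vendor: str
    product: Optional[str] = None  # None: any product from this vendor
    serial: Optional[str] = None   # None: any serial number

    def matches(self, dev: Device) -> bool:
        return (self.device_type == dev.device_type
                and self.vendor == dev.vendor
                and self.product in (None, dev.product)
                and self.serial in (None, dev.serial))


def decide(dev: Device, blocked_types: Iterable[str],
           exceptions: Iterable[ExceptionRule]) -> str:
    if dev.device_type not in set(blocked_types):
        return "allow"   # default: device types that are not blocked connect
    if any(rule.matches(dev) for rule in exceptions):
        return "allow"   # assumed precedence: exception overrides the block
    return "block"


# Constructed sample profiles (not real product values).
BLOCKED_TYPES = {"disk_drive", "cd_rom"}
EXCEPTIONS = [
    ExceptionRule("disk_drive", "VendorA"),  # whole vendor
    ExceptionRule("disk_drive", "VendorB", "ModelX", "SN-0001"),  # one unit
]

if __name__ == "__main__":
    for dev in (Device("disk_drive", "VendorA", "Any", "SN-9"),
                Device("disk_drive", "VendorB", "ModelX", "SN-0002"),
                Device("cd_rom", "VendorA", "Any", "SN-9"),
                Device("bluetooth", "VendorC", "Headset", "SN-3")):
        print(dev, "->", decide(dev, BLOCKED_TYPES, EXCEPTIONS))
```

The vendor-wide rule is the broadest grant in the model: it admits every product and serial number from that vendor for the device type, while the rule with a product and serial number admits a single unit.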