implementing-usb-device-control-policy

Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing data exfiltration and malware introduction via USB devices. Use when deploying device control via Group Policy, Intune, or EDR platforms to enforce USB restrictions. Activates for requests involving USB control, removable media policy, device control, or data loss prevention via USB.

AI & Automation 13,115 stars 1533 forks Updated today Apache-2.0

Quality Score: 99/100

- Stars (20%): 100
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# Implementing USB Device Control Policy

## When to Use

Use this skill when:

- Restricting USB storage devices to prevent data exfiltration or malware introduction
- Implementing device control policies via GPO, Intune, or EDR device control modules
- Creating USB whitelists for authorized devices while blocking all others
- Meeting compliance requirements for removable media control (PCI DSS, HIPAA)

**Do not use** for network-based DLP or cloud storage restrictions.

## Prerequisites

- Active Directory GPO or Microsoft Intune for policy deployment
- Device Instance IDs of authorized USB devices
- EDR with device control module (CrowdStrike, Microsoft Defender for Endpoint)
- Understanding of USB device classes (mass storage, HID, printer, etc.)

## Workflow

### Step 1: Inventory Current USB Usage

```powershell
# Enumerate currently connected USB devices
Get-PnpDevice -Class USB | Select-Object InstanceId, FriendlyName, Status

# Query USB storage history from registry
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\*" |
  Select-Object FriendlyName, ContainerID, HardwareID

# Collect USB usage across fleet (via EDR or scripts)
# CrowdStrike: Investigate → USB Device Activity
# MDE: DeviceEvents | where ActionType == "UsbDriveMounted"
```

### Step 2: Configure GPO Device Control

```
Computer Configuration → Administrative Templates → System → Removable Storage Access

- All Removable Storage classes: Deny all access → Enabled
  (Block read AND write fo...
```

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0
