Disable USB Storage by default, with allow options
M
Michael Paranich
We tried using Intune but unblocking for usage took longer than we were happy with. We use Registry settings now but being able to set it up in Huntress with Profiles would be easier to see and confirm which devices are USB Locked. It's a big piece of audits we're currently going thru.
Jorge Corona
Great Idea. Here is how you can do this using Microsoft Intune Endpoint Security https://www.youtube.com/watch?v=-0DD_hbIvo0&t=617s
J
James Fouracre
Part of compliance as below, lots of insurance companies want this feature. Also again to help protect businesses from malware on USB drives. our current security program has this. So we can’t fully move to huntress till we can have this feature with an allow option.
Thomas Reed (Huntress)
I'd like to know more about why you all would like this. Is your intent to protect against malware that might be on the drive, or as a method of data protection (ie, preventing employees from copying data from a company machine), or something else entirely?
h
hal abramovitch
Thomas Reed (Huntress) all of the above, its even often asked on cyber insurance forms if you allow this.
K
Kurt Sutherland
Thomas Reed (Huntress) yes to both points - protect against malware that might be on the drive, and as a possible method of data protection.
A
Aaron Tuomala
Thomas Reed (Huntress) There are many reasons. 1) This is something that is asked on insurance applications as a means of controlling access. 2) For CMMC clientele, we need the ability to block all, or block all except for certain serial numbers. Also, the ability to control this per machine. 3) This is one of the only feature keeping us tied to our existing Endpoint Protection which provides this capability. If this was added to Huntress, we could move to Windows Defender. 4) This is mainly to remove the possibility of employees plugging in storage drives they find in the wild to a computer.
J
James Schmidt
Thomas Reed (Huntress), for clients that are in regulated fields, this function has to be configured for protection and to meet the regulations. Utilizing a GPO is not as affective for this function with the amount of remote users that are present today.
Matt
Thomas Reed (Huntress) Everything that has been mentioned here. Clients are asking for it as well, and GPOs aren’t a great way to do this anymore. Could be performed via Microsoft’s stuff in inTune but if huntress could implement a simpler solution it would be a huge plus!
s
shawn switzer
Thomas Reed (Huntress) I would like these controls to prevent attacks leveraged via EvilUSB, USB Rubber Ducky, etc. The protection against data exfiltration is less important for us.
J
John Long-White
Thomas Reed (Huntress) Same as above for CMMC (but really it should start being adopted as a standard practice for any controlled IT ecosystem and it would be much cleaner if Huntress could do it rather than having to implement intune or a third party solution.
Y
Yossi Leitner
Thomas Reed (Huntress) all of the above. A great feature would be to add expiring exclusions, so when a user do need to access a USB drive for 1 day, we should be able to set an expiring rule that allows the use of USB drives for a specific machine / org
A
Andy Plum
Thomas Reed (Huntress) All of the above for sure, we see this type of restriction showing up on most insurance/compliance questionnaires that we have completed over the past year. I also think Yossi's idea of adding an expiring exclusion on a per machine/tenant basis could very useful.
J
Juha Huhtamaa
Oh yes, integration with Intune in ITDR. Logs of usage/file transfers/audit > SIEM (long period). Defender for endpoint is good product, then no need S1/CS/NW etc to take care about this.
Alex
Would really appreciate this feature!
Y
Yossi Leitner
+ an option to add temporary Allow exclusions that can expire after x amount of hours /days
K
Kurt Sutherland
Yes please!! Agreed - this would be an extremely useful feature.
J
James Schmidt
This is a must have as it is in our existing product that we are moving from to Huntress.
S
Scott Brewster
I've seen stuff like this in a McAfee product years ago. I think as a response to an anomaly, it might be good, but setting a policy write large should probably be on a different product controlling all of the other baseline policies for a PC in an administrative unit. I'd guess Intune.
Load More
→