Back to Blogs

Announcing Device Control - Separation of Read, Write, and Execute Controls!

Posted on December 11, 2023


What is it?

Carbon Black Cloud gives visibility and control over USB mass storage devices detected in your environment with the ability to block untrusted devices and approve trusted devices. The pre-existing implementation of Device Control blocks ALL operations on any external device. This enhancement enables users to separate read vs write vs execute permissions for approved devices on Windows endpoints. Users can determine whether a policy block should allow approved USB devices to read-only, read and write, read and execute, or read, write and execute.

Who is it for?

Carbon Black Cloud Endpoint Standard customers with a Windows 3.9 sensor or above.

What can you do with it?

  • Users can determine whether a device should be approved for read-only, read and write, read and execute, or read and write and execute.

Existing features of Device Control continue to be available for earlier Windows sensors and Mac Sensors. New features of the API can be used, and will be ignore by sensors without the new capability.

  • Retrieve an inventory of external devices and their associated metadata within an organization
  • Search for a specific external device and its associated metadata
  • Create an approval for an external device, set of devices, or for specific vendor and product models
  • Cross reference additional external device data after an alert

Where do I go to get started?

See the Device Control API documentation for instructions on authenticating and more.

Learn more about Device Control in the Carbon Black Cloud User Guide.


Have questions or feedback?

  • Subscribe to the Developer Network Newsletter