How to Manage USB Devices


This document will outline how to use Falcon Device Control to create and enforce USB device policy in your environment to minimize the attack surface and risk of incidents.


This video provides a demonstration of the configuration of Falcon USB Device Control as well as the additional USB device visibility available to Falcon Insight customers.

Device Control Policy Options

Falcon Device Control enables customers to use their existing management platform and lightweight agent to establish and enforce policies for USB devices. The policies and options can be found under “Configuration > USB Device Policies”.



From the policy list, you can choose to edit an existing policy or create a new policy. Within each policy, you are presented with a list of different USB device classes. This gives you the granularity to define different policies for different types of devices. Device classes include imaging, printers and mass storage.



For mass storage, four options are available. “Read, write and execute” gives users full access, while “Read and write only” is often used to prevent the auto-execution of unwanted programs.



Within the policy for each class, you also have the option to define exceptions. Exceptions can be defined for specific devices or for larger groups using vendor and product information. This allows you to provide necessary functionality while maintaining control over user access. It is also very helpful when enforcing specific corporate standards.
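To reason about how a per-class setting and its exceptions combine before enforcing a policy, the following added example (not Falcon's policy format or API, and not code from CrowdStrike) models the evaluation in Python. The `block` action name, the vendor/product/serial values, the "most specific exception wins" precedence and the treatment of classes without a policy entry are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

FULL = "Read, write and execute"   # option named on the page
RW_ONLY = "Read and write only"    # option named on the page
BLOCK = "block"                    # assumed name for a deny action

@dataclass(frozen=True)
class UsbException:
    action: str
    vendor_id: str
    product_id: Optional[str] = None  # None: any product from this vendor
    serial: Optional[str] = None      # set: one specific device

    def specificity(self, dev: dict) -> int:
        """Return 0 for no match, otherwise the number of fields matched."""
        if dev["vendor_id"].lower() != self.vendor_id.lower():
            return 0
        score = 1
        for field in ("product_id", "serial"):
            want = getattr(self, field)
            if want is None:
                continue
            if (dev.get(field) or "").lower() != want.lower():
                return 0
            score += 1
        return score

def evaluate(policy: dict, dev: dict) -> str:
    """Action for a device: most specific matching exception, else class default."""
    cls = policy.get(dev["device_class"])
    if cls is None:
        return FULL  # assumption: a class with no policy entry is unrestricted
    scored = [(e.specificity(dev), e) for e in cls["exceptions"]]
    best_score, best = max(scored, key=lambda p: p[0], default=(0, None))
    return best.action if best_score > 0 else cls["default"]

# Constructed policy and IDs: block mass storage, allow one vendor read/write,
# and give a single named device full access.
POLICY = {
    "mass_storage": {"default": BLOCK, "exceptions": [
        UsbException(RW_ONLY, vendor_id="0x1111"),
        UsbException(FULL, "0x1111", product_id="0x2222", serial="ADMIN-0001"),
    ]},
    "printers": {"default": FULL, "exceptions": []},
}
```

Running an inventory of observed devices through `evaluate` before switching a policy to enforcement shows which devices would lose access and which exceptions are actually being hit.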

Falcon Device Control provides the ability to establish, enforce and monitor policies around your organization’s usage of USB devices.

