Introducing Advanced Device Control: Shielding businesses from USB threats 

With experts noting a troubling threefold surge in USB drive malware incidents in early 2023, Device Control has just leveled up with a key addition: the Advanced Auto Scanning & Block Until Scan feature. 

Here’s the breakdown: When a USB device is connected, ThreatDown now doesn’t just control access—it actively scans it. You can also now choose to block the device until the system scans it. This means threats are stopped in their tracks, well before they can do any harm. 

Available for both Nebula and OneView users, the new update also offers detailed device insights on the Quarantine and Detections pages. The interactive “Device” column, for example, reveals comprehensive details like the serial number and volume name. 

Advanced Device Control is designed to make it that much easier for organizations to defend against USB malware, which can cause data breaches and other system compromises. Let’s dive deeper into the update! 

Automated Scanning 

When a USB device is inserted, the new feature automatically initiates a scan for potential threats. This is proactive, as opposed to the more passive nature of traditional device control, which simply controlled access when storage drives were connected via USB. 

Conditional Access Based on Scan Results 

Perhaps the most significant addition is the ability to block access to the device until it has been scanned for threats. This ensures that no potentially harmful files are accessed before they are verified as safe, a capability not present in the original Device Control setting. 

Customizable Alerts 

Users can craft an optional alert message that appears when a USB device is blocked pending a scan. This can help in communicating security protocols to users who might not be aware of why their device access is restricted. 

Quarantine and Detections Pages Update 

Nebula’s Quarantine and Detections pages have been upgraded for improved management of USB-originated threats: 

  • “Device” Column: A new clickable column has been added, listing devices associated with threats. 
  • Device Details Slideout: Clicking on a device link provides immediate access to details like serial number and volume name. 

These updates streamline the threat analysis process, integrating crucial information directly into your workflow. 

Additional features 

Restoration & Exclusion Enhancements 

Quickly restore false positives from quarantine when the device is reconnected and set exclusions to prevent future unnecessary blocks. 

Detailed Threat Information 

The Endpoint details slide-out has been enhanced. Under the Detections and Quarantine tabs, users can now access comprehensive data on any USB threats discovered. 

Action Taken 

A new “Action taken” column clearly shows the device scan history and status updates.

Try Advanced Device Control today 

Advanced Device Control marks a leap in helping organizations stay ahead of USB malware, featuring proactive scanning, conditional access, and improved visibility to proactively thwart potential breaches.  

Try Advanced Device Control in Nebula and OneView today! 

Not a Nebula or OneView user? Get a free demo.


Bill Cozens

Content Writer

Bill Cozens is content writer for the Malwarebytes business blog, where he writes about industry challenges and how best to address them.