Friday, May 13, 2016

Block or Disable USB storage devices on Mac

USB storage devices have always been the best method of data sharing because of their removable and rewritable features.They are often used for the same purposes for which floppy disks or CDs were once used, but USB storage devices are smaller, faster, have thousands of times more capacity, and are more durable and reliable because they have no moving parts. With the increasing use of such portable USB storage devices, it has also significantly increased the threats to companies’ data security. USB devices and other portable storage devices are one of the top causes for security incidents with millions of dollars in losses for businesses. As per the CoSoSys - one of the famous brand in Mac security, " The need of using a device control solution and controlling the use of devices in corporate environments has become nowadays a must in order to keep up with the latest security challenges". Most of the companies deploy the Endpoint Protector software for Mac OS X by CoSoSys to control the use of USB, CD/DVD, card readers, etc.You can disable or block the USB access in any system using Endpoint Protector in order to prevent data theft. But not everyone would like to buy the license for this software, so for them there is a free and reliable solution to block or disable USB storage devices on mac by removing or unloading the built-in USB storage device driver extension in OS X. Use the following instructions on your Mac to block or disable USB mass storage device input/output support such as USB Flash drives and external USB hard drives .

Block or Disable USB storage Devices on Mac
Block or Disable USB storage Devices on Mac
Note: The following method or troubleshooting will not affect the use of USB Keyboard, Mouse or printer as this is only applicable to USB storage devices on Mac.

Suggestion: Keep backup before removing system file from Mac.

Method 1

Block or Disable USB Port on Mac OS X

Blocking or Disabling USB storage devices input/output support such as USB Flash drives and external USB hard drives is a very easy task in Mac OS X. You just need to remove / rename / unload the kernel extension ( .Kext ) file for USB storage device' s input output controller. The removal of this kernel extension only affects USB mass storage devices. It does not affect other USB devices such as a USB printer, mouse, or keyboard. You must have the root or administrative privilege to perform this task
.
Important: Repeat these instructions every time a system update is installed.

To remove kernel extensions for specific hardware:

1. Open the /System/Library/Extensions folder.

Block or Disable USB storage Devices on Mac
Block or Disable USB storage Devices on Mac
2. To remove support for USB mass storage devices, rename or drag the IOUSBMassStorageClass.kext file to the Desktop:
You can't expect the USB storage devices to be blocked or disabled just after removing or renaming the IOUSBMassStorageClass.kext file while the system is running. You would also need to clear the kextcache and then reboot.
Block or Disable USB storage Devices on Mac
Block or Disable USB storage Devices on Mac
3. In order to clear the Kextcache open Terminal from Utilities folder and enter the following command:
$ sudo touch /System/Library/Extensions

The touch command changes the modified date of the /System/Library/Extensions folder. When the folder has a new modified date, the Extension cache files (located in /System/Library/) are deleted and rebuilt by Mac OS X.

4. Choose Finder > Secure Empty Trash to delete the file.
5. Restart the system.


Method 2

Block or Disable USB Port on Mac OS X by unloading the Kernel Extension

USB storage devices can also be blocked or disabled by unloading the USB storage input /output kernel extension ( .Kext file ).The USB kext on OS X is loaded at the time of start of the system, this can be loaded / unloaded using kextload or kextunload command. To disable USB port on Mac , follow below steps:

1. Open Terminal from Applications > Utilties folder.
2. Type the following commands and hit return key.

cd /System/Library/Extensions/
sudo kextunload IOUSBMassStorageClass.kext


Block or Disable USB storage Devices on Mac
Block or Disable USB storage Devices on Mac
3. This will block or disable the USB port for Mass storage devices.

If you want to re-enable the USB port you can just re load the IOUSBMassStorageClass.kext using the following kextload command.

cd /System/Library/Extensions/
sudo kextload IOUSBMassStorageClass.kext


Note :- Kextunload command is not a permanent fix to block / disable the USB Storage devices on Mac as it only works up to next reboot.You will need to unload it again after the reboot to block / disable USB storage devices on mac.

When you block or disable the USB storage devices on your Mac, the Time Machine backup drive connected to your local computer will also be disabled but the Time capsule hard drive or any network attached storage devices ( NAS HDD ) would still work because they are connected using Apple File Protocol (AFP).

********** End of Article ***********

incoming search term
usb storage device, block or disable usb storage devices on mac, disable usb port on mac, load unload mac kernel extension, usb external hdd or flash drive blocked on mac
Reactions:

4 comments:

  1. This doesn't work on Yosemite and up.

    ReplyDelete
    Replies
    1. Hi Kino, Could you tell me the steps you followed and the results with any error (if occurred any) on Yosemite. You might need to turn off the System Integrity Protection ( SIP) features which protects the important system files from being altered or modified.Let me know the challenge you have.

      Delete
    2. This is the error I get;

      (kernel) Can't remove kext com.apple.iokit.IOUSBMassStorageClass; services failed to terminate - 0xdc008018.

      Failed to unload com.apple.iokit.IOUSBMassStorageClass - (libkern/kext) kext is in use or retained (cannot unload).

      I am running El Capitan 10.11.6

      Delete
  2. Keep in mind that this only protects a machine that is encrypted with FileVault. Else someone could boot into Recovery HD and mount the volume, and restore the USB drivers from inside Recovery HD... rapidly.

    Enabling FileVault and Firmware Password may seem trivial/obvious, but the average user should be aware that both are needed to harden this procedure properly.

    ReplyDelete