Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing data exfiltration and malware introduction via USB devices. Use when deploying device control via Group Policy, Intune, or EDR platforms to enforce USB restrictions. Activates for requests involving USB control, removable media policy, device control, or data loss prevention via USB.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionimplementing-usb-device-control-policyExecute the skills CLI command in your project's root directory to begin installation:
Fetches implementing-usb-device-control-policy from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate implementing-usb-device-control-policy. Access via /implementing-usb-device-control-policy in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
8.6K
stars
| name | implementing-usb-device-control-policy |
| description | 'Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing data exfiltration and malware introduction via USB devices. Use when deploying device control via Group Policy, Intune, or EDR platforms to enforce USB restrictions. Activates for requests involving USB control, removable media policy, device control, or data loss prevention via USB. ' |
| domain | cybersecurity |
| subdomain | endpoint-security |
| tags | - endpoint - USB-control - device-control - data-loss-prevention - removable-media |
| version | 1.0.0 |
| author | mahipal |
| license | Apache-2.0 |
| nist_csf | - PR.PS-01 - PR.PS-02 - DE.CM-01 - PR.IR-01 |
Use this skill when:
Do not use for network-based DLP or cloud storage restrictions.
# Enumerate currently connected USB devices
Get-PnpDevice -Class USB | Select-Object InstanceId, FriendlyName, Status
# Query USB storage history from registry
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\*" |
Select-Object FriendlyName, ContainerID, HardwareID
# Collect USB usage across fleet (via EDR or scripts)
# CrowdStrike: Investigate → USB Device Activity
# MDE: DeviceEvents | where ActionType == "UsbDriveMounted"
Computer Configuration → Administrative Templates → System → Removable Storage Access
- All Removable Storage classes: Deny all access → Enabled
(Block read AND write for all removable storage)
OR for granular control:
- CD and DVD: Deny read access → Enabled
- Removable Disks: Deny write access → Enabled (read-only USB)
- Tape Drives: Deny all access → Enabled
- WPD Devices: Deny all access → Enabled
To allow specific approved USB devices:
Computer Configuration → Administrative Templates → System → Device Installation
→ Device Installation Restrictions
- Prevent installation of devices not described by other policy settings → Enabled
- Allow installation of devices that match any of these device IDs → Enabled
Add approved Device IDs: USB\VID_0781&PID_5583 (example: SanDisk Cruzer)
<!-- MDE Device Control policy (XML format) -->
<PolicyGroups>
<Group Id="{d9a81dc0-1234-5678-9abc-def012345678}"
Type="Device" Name="Approved USB Devices">
<MatchClause>
<MatchType>VID_PID</MatchType>
<MatchData>0781_5583</MatchData> <!-- SanDisk -->
</MatchClause>
</Group>
</PolicyGroups>
<PolicyRules>
<Rule Id="{rule-guid}" Name="Block unapproved USB storage">
<IncludedIdList>
<PrimaryId>RemovableMediaDevices</PrimaryId>
</IncludedIdList>
<ExcludedIdList>
<GroupId>{d9a81dc0-1234-5678-9abc-def012345678}</GroupId>
</ExcludedIdList>
<Entry>
<Type>Deny</Type>
<AccessMask>63</AccessMask> <!-- All access -->
<Options>4</Options> <!-- Show notification -->
</Entry>
</Rule>
</PolicyRules>
# Monitor USB events in SIEM:
# Windows Event ID 6416 - New external device recognized
# Windows Event ID 4663 - File access on removable media
# MDE: DeviceEvents where ActionType contains "Usb"
# Generate USB activity reports monthly
# Track: blocked attempts, approved device usage, exception requests
| Term | Definition |
|---|---|
| VID/PID | Vendor ID and Product ID that uniquely identify USB device models |
| Device Instance ID | Unique identifier for a specific physical USB device |
| Device Control | EDR/endpoint feature restricting device access based on type, vendor, or serial number |
| USB Class | USB device category (mass storage 08h, HID 03h, printer 07h) |
Prerequisites
Time Estimate
15-45 minutes depending on use case complexity
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
I recommend implementing-usb-device-control-policy for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
implementing-usb-device-control-policy reduced setup friction for our internal harness; good balance of opinion and flexibility.
Registry listing for implementing-usb-device-control-policy matched our evaluation — installs cleanly and behaves as described in the markdown.
Solid pick for teams standardizing on skills: implementing-usb-device-control-policy is focused, and the summary matches what you get after install.
Keeps context tight: implementing-usb-device-control-policy is the kind of skill you can hand to a new teammate without a long onboarding doc.
Useful defaults in implementing-usb-device-control-policy — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
Registry listing for implementing-usb-device-control-policy matched our evaluation — installs cleanly and behaves as described in the markdown.
implementing-usb-device-control-policy reduced setup friction for our internal harness; good balance of opinion and flexibility.
implementing-usb-device-control-policy is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
I recommend implementing-usb-device-control-policy for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
showing 1-10 of 43