USB storage devices have always been the best method of data sharing because of their removable and rewritable features.They are often used for the same purposes for which floppy disks or CDs were once used, but USB storage devices are smaller, faster, have thousands of times more capacity, and are more durable and reliable because they have no moving parts. With the increasing use of such portable USB storage devices, it has also significantly increased the threats to companies’ data security. USB devices and other portable storage devices are one of the top causes for security incidents with millions of dollars in losses for businesses. As per the CoSoSys – one of the famous brand in Mac security, ” The need of using a device control solution and controlling the use of devices in corporate environments has become nowadays a must in order to keep up with the latest security challenges”. Most of the companies deploy the Endpoint Protector software for Mac OS X by CoSoSys to control the use of USB, CD/DVD, card readers, etc.You can disable or block the USB access in any system using Endpoint Protector in order to prevent data theft. But not everyone would like to buy the license for this software, so for them there is a free and reliable solution to block or disable USB storage devices on mac by removing or unloading the built-in USB storage device driver extension in OS X. Use the following instructions on your Mac to block or disable USB mass storage device input/output support such as USB Flash drives and external USB hard drives .
Block or Disable USB storage Devices on Mac |
Note: The following method or troubleshooting will not affect the use of USB Keyboard, Mouse or printer as this is only applicable to USB storage devices on Mac.
Suggestion: Keep backup before removing system file from Mac.
Method 1
Block or Disable USB Port on Mac OS X
Blocking or Disabling USB storage devices input/output support such as USB Flash drives and external USB hard drives is a very easy task in Mac OS X. You just need to remove / rename / unload the kernel extension ( .Kext ) file for USB storage device’ s input output controller. The removal of this kernel extension only affects USB mass storage devices. It does not affect other USB devices such as a USB printer, mouse, or keyboard. You must have the root or administrative privilege to perform this task
.
Important: Repeat these instructions every time a system update is installed.
To remove kernel extensions for specific hardware:
1. Open the /System/Library/Extensions folder.
Block or Disable USB storage Devices on Mac |
2. To remove support for USB mass storage devices, rename or drag the IOUSBMassStorageClass.kext file to the Desktop:
You can’t expect the USB storage devices to be blocked or disabled just after removing or renaming the IOUSBMassStorageClass.kext file while the system is running. You would also need to clear the kextcache and then reboot.
Block or Disable USB storage Devices on Mac |
3. In order to clear the Kextcache open Terminal from Utilities folder and enter the following command:
$ sudo touch /System/Library/Extensions
The touch command changes the modified date of the /System/Library/Extensions folder. When the folder has a new modified date, the Extension cache files (located in /System/Library/) are deleted and rebuilt by Mac OS X.
4. Choose Finder > Secure Empty Trash to delete the file.
5. Restart the system.
Method 2
Block or Disable USB Port on Mac OS X by unloading the Kernel Extension
USB storage devices can also be blocked or disabled by unloading the USB storage input /output kernel extension ( .Kext file ).The USB kext on OS X is loaded at the time of start of the system, this can be loaded / unloaded using kextload or kextunload command. To disable USB port on Mac , follow below steps:
1. Open Terminal from Applications > Utilties folder.
2. Type the following commands and hit return key.
cd /System/Library/Extensions/
sudo kextunload IOUSBMassStorageClass.kext
Block or Disable USB storage Devices on Mac |
3. This will block or disable the USB port for Mass storage devices.
If you want to re-enable the USB port you can just re load the IOUSBMassStorageClass.kext using the following kextload command.
cd /System/Library/Extensions/
sudo kextload IOUSBMassStorageClass.kext
Note :- Kextunload command is not a permanent fix to block / disable the USB Storage devices on Mac as it only works up to next reboot.You will need to unload it again after the reboot to block / disable USB storage devices on mac.
When you block or disable the USB storage devices on your Mac, the Time Machine backup drive connected to your local computer will also be disabled but the Time capsule hard drive or any network attached storage devices ( NAS HDD ) would still work because they are connected using Apple File Protocol (AFP).
Important Update ( Date updated : Sep 17th, 2017) :
Starting from Mac OS X El Capitan Ver 10.11, Apple has introduced a new featured called ” System Integrity Protection” ( SIP, also known as Rootless) which prevent anyone from editing, deleting or moving any system protected files including kernel extensions( kexts) or hardware drivers. If you need to edit or delete them you must disable or turn the SIP feature off.
So above mentioned steps to disable or Block USB storage device on Mac will not work until you disable it.
To Disable System Integrity Protection:
- Reboot your Mac in Recovery Mode
- Open Terminal from Utilities menu at the top.
- Type the following command.
csrutil disable
This doesn't work on Yosemite and up.
Hi Kino, Could you tell me the steps you followed and the results with any error (if occurred any) on Yosemite. You might need to turn off the System Integrity Protection ( SIP) features which protects the important system files from being altered or modified.Let me know the challenge you have.
Keep in mind that this only protects a machine that is encrypted with FileVault. Else someone could boot into Recovery HD and mount the volume, and restore the USB drivers from inside Recovery HD… rapidly.
Enabling FileVault and Firmware Password may seem trivial/obvious, but the average user should be aware that both are needed to harden this procedure properly.
This is the error I get;
(kernel) Can't remove kext com.apple.iokit.IOUSBMassStorageClass; services failed to terminate – 0xdc008018.
Failed to unload com.apple.iokit.IOUSBMassStorageClass – (libkern/kext) kext is in use or retained (cannot unload).
I am running El Capitan 10.11.6
u need to unload com.apple.driver.AppleUSBCardReader first
Doesn’t exist in Catalina
Thanks, that worked.
For others, run this command first:
kextunload -b com.apple.driver.AppleUSBCardReader
I found a product called Endpoint Protector Basic on the website you mentioned. It really does the job. Thanks for the hint!