The Device Control page in Nebula displays the action taken on USB drives connected to endpoints in the last 90 days.
Device control data is historical so items cannot be deleted from this page. Historical data shows read-only or blocked items based on the policy settings. To configure Device Control, see Configure Protection settings in Nebula.
View and sort data
The main area of the Device Control screen shows the list of all quarantined threat data. Each column can be filtered to narrow the results. You can customize data in the results list in the following ways:
- Click Add / Remove Columns above the results list to choose which columns to display.
- Drag and drop certain column headers to the results bar to group data by those parameters.
- Use the filters in the column headers to view specific data.
- Hover your cursor over a column header to reveal a hamburger icon with options to pin and auto-size columns.
Click on a column filter icon to narrow the results. When clicking on the filter icon, the filter list at the top of the screen shows which filters are applied. Click on a filtered item to remove it, or Clear Filters to remove them all.
To download data to your local machine:
- Select all or check specific boxes for the rows you want to export.
- At the top-right of the Vulnerabilities page, click Export.
Expand device control details
Under the Name column, click one of the device names to view more details. In the Device Control Details window, you can view the following information:
- Action Taken: Shows limited or blocked access to the USB device.
- Agent version: Version of the Malwarebytes Endpoint agent.
- Date: Date and time of the USB device controlled event.
- Device: The name of the USB device.
- Device file system: File system of the USB device.
- Endpoint: Click the endpoint name to go to the Overview page for the endpoint.
- Group: Assigned group of the endpoint.
- IP address/CIDR: IP address of the endpoint.
- Manufacturer: The manufacturer of the USB device.
- OS platform: The operating system platform of the endpoint.
- OS release name: The operating system release name of the endpoint.
- OS type: Whether the endpoint was a Workstation or Server.
- OS version: The operating system of the endpoint.
- Path: Path of the detected device.
- Serial number: The serial number of the USB device.
- User: Logged in user during this detected activity.
- Volume: The drive letter for this USB device on the endpoint.
Return to the Malwarebytes Nebula Administrator Guide.