Filter External HDD

I’m developing usb filter driver to block usb devices by its serial number.
and it can’t block external hdd.
how can i block external hdd by its serial number?

You query the drive for its serial number and hope it actually provides one.
Mark Roddy

Many USB thumb drives either don’t have a serial number or use the same one … what is the problem you are attempting to solve?

@craig_howard said:
Many USB thumb drives either don’t have a serial number or use the same one … what is the problem you are attempting to solve?

I’d like to block usb hdd except specific ones

I haven’t dealt in this area for a decade, but be aware that determining that a drive is USB used to not be as easy as it seemed. I don’t know what things are like now, but there were surprises along the way.

Also, what are you going to do for situation that craig_howard spells out where you don’t have a serial number? Assuming this is for security you should be thinking of more than just a serial number.

When you say “specific ones” do you mean USB’s from a specific vendor/ model (which will have a unique VID/PID, easy to detect, but means you will need to be forever updating those blacklisted VID/PIDs when the vendor ships a new device) or USB’s that you have initialized in some way (which means you can put a PBKDF2 hash in a specific file on the USB, reject if it doesn’t match but which means there is an initialize step)?

There’s also a potential problem with the “block usb hdd” request … most (likely “all” but I’m going to hedge my answer) USB drives to through the MS class driver these days, which means you’re going to have to intercept the load with a filter driver of some sort, then fail the load … there are discussions here about USB filter drivers and actually quite a few threads here through the years about blocking USB access; most of them eventually end up as the best way to block a USB device is to plug the ports with some silicone caulk …

Have you read those threads and understand the issues you may be facing?

Usually in the corporate world, it is management software plus corporate IT policy. The policy part is important as the technology side is not fool proof.

One example software management solution:
https://www.crowdstrike.com/blog/tech-center/falcon-device-control/