Skip to main content

How to disable USB ports on Mac OS X Mavericks, Yosemite or El Capitan ?

We might wonder how to disable the USB ports on Mac to prevent data copy to external USB mass storage devices. The USB kext on os x is loaded at the time of start of the system, this can be loaded / unloaded using kextload or kextunload command. To disable USB port on Mac , follow below steps:

On Macs running Mountain Lion, Mavericks  and Yosemite:

  1. Unmount any connected USB devices to the system by running below command                  $diskutil unmount /Volumes/USBDISK.
  2. Now unload the USB related kernel extensions in the following order using kextunload command.
           sudo kextunload -b com.apple.driver.AppleUSBCardReader

           sudo kextunload -b com.apple.driver.AppleUSBODD

           sudo kextunload -b com.apple.iokit.IOUSBMassStorageClass


       This will unload the USB kext and disable the USB ports for storage devices on Mountain Lion, Mavericks  and Yosemite.

On Mac running El Capitan:

  1. Unmount any connected USB devices to the system by running below command                  $diskutil unmount /Volumes/USBDISK.
  2. Now unload the USB related kernel extensions in the following order using kextunload command.
          sudo kextunload -b com.apple.iokit.IOUSBMassStorageDriver

      
      This should disable the USB ports for external storage devices.




To load back the USB kext or Enable USB ports follow below steps :

      On Macs running Mountain Lion, Mavericks  and Yosemite:

       1. Run the kextload command to load above unloaded kexts in reverse order of unload.

           sudo kextload -b com.apple.iokit.IOUSBMassStorageClass

           sudo kextload -b com.apple.driver.AppleUSBODD

           sudo kextload -b com.apple.driver.AppleUSBCardReader

      This will enable the USB port on the OSX system for storage devices.


    On Macs running El Capitan (11.0.x):

      1. Run the kextload command to load above unloaded kexts in reverse order of unload.
  
           sudo kextload -b com.apple.iokit.IOUSBMassStorageDriver

           sudo kextload -b com.apple.driver.AppleUSBCardReader (If your Mac has card reader)
           sudo kextload -b com.apple.driver.AppleUSBODD


        This will enable the USB port on the OSX system for storage devices.



   
           






Comments

  1. I just tried the command "sudo kextunload -b com.apple.iokit.IOUSBMassStorageDriver" on my Mac running on El-Captain. But the following error is getting.

    a013mdtrv:~ root# sudo kextunload -b com.apple.iokit.IOUSBMassStorageDriver
    (kernel) Kext com.apple.iokit.IOUSBMassStorageDriver not found for unload request.
    Failed to unload com.apple.iokit.IOUSBMassStorageDriver - (libkern/kext) not found.
    a013mdtrv:~ root# sudo kextload -b com.apple.driver.AppleUSBFTDI

    Please help me with this issue.

    ReplyDelete
    Replies
    1. If you are getting error as "Kext com.apple.iokit.IOUSBMassStorageDriver not found for unload request." then the kernel extension is not currently loaded in the system. The kext if loaded only can be unloaded. restart your system to verify whether com.apple.iokit.IOUSBMassStorageDriver kext is loaded or not by running kextstat command

      Delete
  2. Not working in El Capitan.. The USB Storage devices working fine when the Mac is rebooted or even in user logoff/logon.

    Thanks,
    Alex L

    ReplyDelete
    Replies
    1. Please note the kexts unless removed gets reloaded again when system is rebooted. If you dont want the kexts to load on reboot then move the respective kexts to another location on the system. I would not recommend moving device related kexts from their default locations.

      Delete
    2. You can even write a lauchdaemon file to perform unload of these kexts upon boot.

      Delete
  3. This seems great! Is their any solution to control the access of USB drive per user?

    ReplyDelete
    Replies
    1. Per user may not be possible from unloaded kexts , User level apps might come handy here to cotrol USB access.

      Delete
  4. I keep getting a
    "Can't remove kext com.apple.iokit.IOUSBMassStorageDriver; services failed to terminate - 0xdc008018.
    Failed to unload com.apple.iokit.IOUSBMassStorageDriver - (libkern/kext) kext is in use or retained (cannot unload)."

    Is there anyway around that?

    Thanks

    ReplyDelete
  5. after running command ask me for password, how caould i skip this? i will send this command to several computers via LANDESK software.

    ReplyDelete
    Replies
    1. sudo has a option to supply password to it. Please read man page of sudo. man sudo would help!

      Delete
  6. Why iMac Macbook production before Maverick Osx no internet recovery
    this an answer

    ReplyDelete

Post a Comment

Popular posts from this blog

How to find firmware or boot ROM version in Mac OS X

Firmware and boot ROM version of your mac can be found in two ways. Way 1 : 1. From "Apple" menu , choose "About This Mac" menu item. 2. Click " More Info " to open "System Profiler" application. 3. Under Contents -> Select Hardware Tree item. On the right side panel Under hardware overview section, we can see Boot ROM Version and SMC (Firmware) Version. Way 2 : Run the below command in terminal to get boot ROM version and SMC(firmware) version : $ system_profiler SPHardwareDataType | grep -i "Version" | awk -F ':' '{print $1 $2}'

How to extract signing certificates from macOS binary files

Code signing is a macOS security technology that you use to certify that an app was created by you. Once an app is signed, the system can detect any change to the app—whether the change is introduced accidentally or by malicious code. As Apple Developer site says ( click here for more details  on code signing) : code signing allows the operating system to: Ensure that a piece of code has not been altered since it was signed.  The system can detect even the smallest change, whether it was intentional (by a malicious attacker, for example) or accidental (as when a file gets corrupted). When a code signature is intact, the system can be sure the code is as the signer intended. Identify code as coming from a specific source (a developer or signer).  The code signature includes cryptographic information that unambiguously points to a particular author. Determine whether code is trustworthy for a specific purpose.  Among other things, a developer can use a code signature to s

What are the useful nvram settings in macOS ?

The OS X boot arguments are useful for troubleshooting problems with system startup and how the system behaves when running. sudo nvram boot-args="-v" :  This command will set the system to always boot to verbose mode, so we do not need to hold Command + V at system startup. sudo nvram boot-args="-x" :  This will set the system to always boot into Safe Mode. sudo nvram boot-args="-s" :  This command will boot the system into single user mode without needing to hold Command-S at system startup. sudo nvram boot-args="iog=0x0"  :   when you close the display but connect the system to an external monitor and keyboard the system will stay awake. After running this command, when connecting an external monitor, the internal display will be disabled, which can be beneficial in some situations such as those where you are mirroring your desktop but wish to run the external display at a higher resolution than your laptop can run. sudo nvram b