USBTripwire
USBTripwire is a lightweight endpoint security desktop app (Windows/macOS) focused on one ugly, common problem: unknown USB devices. It enforces a simple policy engine (allowlist, blocklist, read-only mode, time-bound approvals) and logs every insertion with device fingerprinting. When a new device appears, it can automatically mount it in a sandboxed, read-only session and run fast static checks for suspicious file patterns (autorun tricks, shortcut abuse, known malware hashes) before any user can execute content. An optional AI assistant summarizes the event in plain English for non-security staff and drafts a ticket for IT. This is not a full EDR replacement; it’s a targeted control that reduces a high-risk attack path with minimal overhead. It integrates with MDM/IdP for policy distribution and supports offline mode for field laptops.
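A sketch of how a policy engine of the kind described above could decide and log one insertion, covering allowlist, blocklist, read-only mode and time-bound approvals; it is an added example, not USBTripwire's code. Assumptions: the names `Device`, `Policy`, `decide` and `log_event`, the `vid:pid:serial` fingerprint, the precedence (blocklist, then allowlist, then approval, then read-only), and the treatment of devices without a serial are all hypothetical.

```python
import json
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Device:
    vendor_id: str
    product_id: str
    serial: str = ""  # the serial string is optional in USB descriptors

    @property
    def model(self) -> str:
        return f"{self.vendor_id}:{self.product_id}".lower()

    @property
    def fingerprint(self) -> str:  # assumed format: vid:pid:serial
        return f"{self.model}:{self.serial.lower()}"

@dataclass
class Policy:
    allowlist: set = field(default_factory=set)    # full fingerprints only
    blocklist: set = field(default_factory=set)    # fingerprints or vid:pid models
    approvals: dict = field(default_factory=dict)  # fingerprint -> UTC expiry

def decide(policy: Policy, dev: Device, now: datetime) -> tuple:
    """Return (action, reason); action is 'block', 'allow' or 'read_only'."""
    if dev.fingerprint in policy.blocklist or dev.model in policy.blocklist:
        return "block", "blocklisted"
    if not dev.serial:
        # Without a serial every unit of this model looks identical, so an
        # allowlist entry or approval cannot be tied to one physical device.
        return "read_only", "no serial; cannot match allowlist"
    if dev.fingerprint in policy.allowlist:
        return "allow", "allowlisted"
    expiry = policy.approvals.get(dev.fingerprint)
    if expiry is not None:
        if now < expiry:
            return "allow", "time-bound approval active"
        return "read_only", "approval expired"
    return "read_only", "unknown device"  # default: mount read-only

def log_event(policy: Policy, dev: Device, now: datetime) -> str:
    """One JSON line per insertion, recording the decision and its reason."""
    action, reason = decide(policy, dev, now)
    return json.dumps({"ts": now.isoformat(), "device": dev.fingerprint,
                       "action": action, "reason": reason}, sort_keys=True)

# Constructed sample policy and clock; the identifiers are made up.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
POLICY = Policy(allowlist={"0781:5583:aa01"}, blocklist={"dead:beef"},
                approvals={"0951:1666:bb02": NOW + timedelta(hours=4)})
```

Checking the blocklist first means a revoked device stays blocked even if a stale allowlist entry or approval still names it.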