diff --git a/debian/security-misc-shared.install b/debian/security-misc-shared.install
index a228845..0b4dba2 100755
--- a/debian/security-misc-shared.install
+++ b/debian/security-misc-shared.install
@@ -55,6 +55,7 @@ usr/libexec/security-misc/disable-kernel-module-loading#security-misc-shared =>
 usr/libexec/security-misc/hide-hardware-info#security-misc-shared => /usr/libexec/security-misc/hide-hardware-info
 usr/libexec/security-misc/virusforget#security-misc-shared => /usr/libexec/security-misc/virusforget
 usr/libexec/security-misc/pam_faillock_not_if_x#security-misc-shared => /usr/libexec/security-misc/pam_faillock_not_if_x
+usr/libexec/security-misc/check-for-usb-controller#security-misc-shared => /usr/libexec/security-misc/check-for-usb-controller
 usr/src/security-misc/emerg-shutdown.c#security-misc-shared => /usr/src/security-misc/emerg-shutdown.c
 usr/bin/disabled-gps-by-security-misc#security-misc-shared => /usr/bin/disabled-gps-by-security-misc
 usr/bin/disabled-netfilesys-by-security-misc#security-misc-shared => /usr/bin/disabled-netfilesys-by-security-misc
diff --git a/usr/lib/systemd/system/usbguard.service.d/30_security-misc.conf#security-misc-shared b/usr/lib/systemd/system/usbguard.service.d/30_security-misc.conf#security-misc-shared
index 70accaf..fa87f09 100644
--- a/usr/lib/systemd/system/usbguard.service.d/30_security-misc.conf#security-misc-shared
+++ b/usr/lib/systemd/system/usbguard.service.d/30_security-misc.conf#security-misc-shared
@@ -3,3 +3,4 @@
 [Unit]
 ConditionPathExists=/sys/bus/usb
+ExecCondition=/usr/libexec/security-misc/check-for-usb-controller
diff --git a/usr/libexec/security-misc/check-for-usb-controller#security-misc-shared b/usr/libexec/security-misc/check-for-usb-controller#security-misc-shared
new file mode 100755
index 0000000..7688ee2
--- /dev/null
+++ b/usr/libexec/security-misc/check-for-usb-controller#security-misc-shared
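Review bot: In the `usbguard.service.d/30_security-misc.conf` hunk, the added `ExecCondition=` line sits under `[Unit]`, directly after `ConditionPathExists=`, but `ExecCondition=` is a `[Service]` setting (systemd.service(5)). In `[Unit]` systemd logs an unknown-key warning and ignores the line, so the new controller check would never run and the drop-in would behave as before. Add a `[Service]` header on the line before `ExecCondition=/usr/libexec/security-misc/check-for-usb-controller`. Running `systemd-analyze verify usbguard.service` should show the warning before the fix and none after.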
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC
+## See the file COPYING for copying conditions.
+
+export LC_ALL='C'
+
+if lspci | grep -q '^[^ ]* USB controller: '; then
+ exit 0
+fi
+exit 1
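Review bot: The probe fails open when `lspci` is missing or errors: in `lspci | grep -q …` only grep's status is tested, so any `lspci` failure falls through to `exit 1`, which `ExecCondition=` treats as "skip the unit", and USBGuard is then silently not started. The same would presumably happen on hardware whose USB host controller is not a PCI device, even though `/sys/bus/usb` exists. Because skipping removes a security control, I would skip only on a positive "no controller" answer and let the service start whenever the probe cannot run, as sketched below; a header comment stating the exit-code contract (0 = start, 1 = skip) would help too. Whether pciutils is declared as a package dependency is not visible in this diff.

```shell
## … unchanged: shebang, copyright header, export LC_ALL='C' …

if ! command -v lspci >/dev/null; then
  ## Probe unavailable: do not skip USBGuard on an unknown answer.
  exit 0
fi

if ! lspci_output="$(lspci)"; then
  ## lspci failed: same reasoning, let the service start.
  exit 0
fi

if grep -q '^[^ ]* USB controller: ' <<< "${lspci_output}"; then
  exit 0
fi
exit 1
```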