This section describes parameters of the Device Control task.
All available values and default values for each setting are described below.
Section [DeviceClass]
The [DeviceClass] section specifies access rules for devices depending on their type.
HardDrive
Specifies access rules for hard drives connected to a computer.
Available values:
Allow—Access to all hard drives is allowed for users.
DependsOnBus—Access to hard drives depends on the connection bus access rule.
Block—Access to all hard drives (except system hard drives, which are never blocked by the Device Control task) is blocked for users.
ByRule—Access to hard drives depends on the access rules.
Default value: DependsOnBus
RemovableDrive
Specifies access rules for removable drives connected to a computer.
Available values:
Allow—Access to all removable drives is allowed for users.
DependsOnBus—Access to removable drives depends on the connection bus access rule.
Block—Access to all removable drives is blocked for users.
ByRule—Access to removable drives depends on the access rules.
Default value: DependsOnBus
FloppyDrive
Specifies access rules for floppy disks connected to a computer.
Kaspersky Endpoint Security does not block floppy disks connected to a computer via ISA bus.
Available values:
Allow—Access to all floppy disks is allowed for users.
DependsOnBus—Access to floppy disks depends on the connection bus access rule.
Block—Access to all floppy disks is blocked for users.
ByRule—Access to floppy drives depends on the access rules.
Default value: DependsOnBus
OpticalDrive
Specifies access rules for CD/DVD drives connected to a computer.
Available values:
Allow—Access to all CD/DVD drives is allowed for users.
DependsOnBus—Access to CD/DVD drives depends on the connection bus access rule.
Block—Access to all CD/DVD drives is blocked for users.
ByRule—Access to CD/DVD drives depends on the access rules.
Default value: DependsOnBus
SerialPortDevice
Specifies access rules for devices connected to a computer through a serial port.
Kaspersky Endpoint Security does not block devices connected to a computer through a serial port via ISA bus.
Available values:
Allow—Access to all devices connected through a serial port is allowed for users.
DependsOnBus—Access to devices connected through a serial port depends on the connection bus access rule.
Block—Access to all devices connected through a serial port is blocked for users.
Default value: DependsOnBus
ParallelPortDevice
Specifies access rules for devices connected to a computer through a parallel port.
Available values:
Allow—Access to all devices connected through a parallel port is allowed for users.
DependsOnBus—Access to devices connected through a parallel port depends on the connection bus access rule.
Block—Access to all devices connected through a parallel port is blocked for users.
Default value: DependsOnBus
Printer
Specifies access rules for printers connected to a computer.
Available values:
Allow—Access to all printers is allowed for users.
DependsOnBus—Access to printers depends on the connection bus access rule.
Block—Access to all printers is blocked for users.
Default value: DependsOnBus
Modem
Specifies access rules for modems connected to a computer.
Available values:
Allow—Access to all modems is allowed for users.
DependsOnBus—Access to modems depends on the connection bus access rule.
Block—Access to all modems is blocked for users.
Default value: DependsOnBus
TapeDrive
Specifies access rules for tape devices connected to a computer.
Available values:
Allow—Access to all tape devices is allowed for users.
DependsOnBus—Access to tape devices depends on the connection bus access rule.
Block—Access to all tape devices is blocked for users.
Default value: DependsOnBus
MultifuncDevice
Specifies access rules for multifunctional devices connected to a computer.
Available values:
Allow—Access to all multifunctional devices is allowed for users.
DependsOnBus—Access to multifunctional devices depends on the connection bus access rule.
Block—Access to all multifunctional devices is blocked for users.
Default value: DependsOnBus
SmartCardReader
Specifies access rules for smart card readers connected to a computer.
Available values:
Allow—Access to all smart card readers is allowed for users.
DependsOnBus—Access to smart card readers depends on the connection bus access rule
Block—Access to all smart card readers is blocked for users.
Default value: DependsOnBus
WiFiAdapter
Specifies access rules for Wi-Fi adapters connected to a computer.
Available values:
Allow—Access to all Wi-Fi adapters is allowed for users.
DependsOnBus—Access to Wi-Fi adapters depends on the connection bus access rule.
Block—Access to all Wi-Fi adapters is blocked for users.
Default value: DependsOnBus
NetworkAdapter
Specifies access rules for external network adapters connected to a computer.
Available values:
Allow—Access to all external network adapters is allowed for users.
DependsOnBus—Access to external network adapters depends on the connection bus access rule.
Default value: DependsOnBus
PortableDevice
Specifies access rules for portable devices connected to a computer.
Available values:
Allow—Access to all portable devices is allowed for users.
DependsOnBus—Access to portable devices depends on the connection bus access rule.
Block—Access to all portable devices is blocked for users.
Default value: DependsOnBus
BluetoothDevice
Specifies access rules for Bluetooth devices connected to a computer.
Available values:
Allow—Access to all Bluetooth devices is allowed for users.
DependsOnBus—Access to Bluetooth devices depends on the connection bus access rule.
Block—Access to all Bluetooth devices is blocked for users.
Default value: DependsOnBus
ImagingDevice
Specifies access rules for imaging devices connected to a computer.
Available values:
Allow—Access to all imaging devices is allowed for users.
DependsOnBus—Access to imaging devices depends on the connection bus access rule.
Block—Access to all imaging devices is blocked for users.
Default value: DependsOnBus
InputDevice
Specifies access rules for input devices (keyboards, mouse, touchpad, and other) connected to a computer.
Available values:
Allow—Access to all input devices is allowed for users.
DependsOnBus—Access to input devices depends on the connection bus access rule.
Block—Access to all input devices is blocked for users.
Default value: DependsOnBus
SoundAdapter
Specifies access rules for sound adapters connected to a computer.
Available values:
Allow—Access to all sound adapters is allowed for users.
DependsOnBus—Access to sound adapters depends on the connection bus access rule.
Block—Access to all sound adapters is blocked for users.
Default value: DependsOnBus
Section [DeviceBus]
The [DeviceBus] section specifies connection bus access rules that determine whether the connection of devices is allowed or forbidden.
USB
Specifies connection bus access rules for devices connected to a computer via USB interface.
Available values:
Allow—Access to all USB-devices is allowed for users.
Block—Access to all USB-devices is blocked for users.
Default value: Allow
FireWire
Specifies connection bus access rules for devices connected to a computer via FireWire interface.
Available values:
Allow— Access to all devices connected via FireWire interface is allowed for users.
Block—Access to all devices connected via FireWire interface is blocked for users.
Default value: Allow
Section [TrustedDevices.item_#]
The [TrustedDevices.item_#] section specifies trusted devices to which users have full access at any time.
ID
Specifies ID or ID mask of a trusted device. You can use * (any sequence of characters) or ? (any single character) masks to specify a device ID.
Comment
Adds a comment to the specified trusted device.
Section [Schedules.item_#]
The [Schedules.item_#] section specifies the access schedules for the devices. You can configure schedules only for hard drives, removable drives, floppy disks, and CD/DVD drives.
ScheduleName
Specifies a schedule name.
Default value: Default
The Default schedule allows full access to devices to all users at any time if access by the connection bus is allowed for the respective device type. You cannot delete the Default schedule.
DaysHours
Specifies time intervals for a schedule.
Available values:
All—The schedule covers 24/7 (no time limitation).
<week_day>—Days of a week. You can use either the full week day names or abbreviations (for example, for Monday, you can specify Mo, or Mon, or Monday). For week days, you can specify intervals or specific days. The week starts from Sunday.
<hour>—Hours [0:24]. For hours, you can specify only intervals.
Default value: All
Examples: Specify schedule
Specify schedule
Specify schedule
|
Section [HardDrivePrincipals.item_#]
The [HardDrivePrincipals.item_#] section specifies access rules for hard drives.
For hard drives, at least one schedule must always be enabled. You can assign several access rules to a hard drive.
Also, multiple schedules can be specified for a user or group of users. If access schedules for a user or group conflict, minimal access rights are granted.
Principal
Specifies a user or group of users for whom the access rule is applied.
Available values:
Everyone—The access rule is applied to all users.
<user name>—Name of a user for whom the access rule is applied.
@<group name>—Name of a group of users for whom the access rule is applied.
Default value: Everyone
[HardDrivePrincipals.item_#.AccessRules.item_#]
Access rule settings.
UseRule
Specifies whether the rule is enabled or disabled.
Available values:
Yes—The access rule is enabled.
No—The access rule is disabled.
Default value: Yes
ScheduleName
Specifies schedule defined in the [Schedules.item_#] section. The access rule is applied only on the days and hours covered by the schedule.
Default value: Default
Access
Specifies access type.
Available values:
Allow—Access to hard drives is allowed.
Block—Access to hard drives is blocked.
Default value: Allow
Section [RemovableDrivePrincipals.item_#]
The [RemovableDrivePrincipals.item_#] section specifies access rules for removable drives.
For removable drives, at least one schedule must always be enabled. You can assign several access rules to a removable drive.
Also, multiple schedules can be specified for a user or group of users. If access schedules for a user or group conflict, minimal access rights are granted.
Principal
Specifies a user or group of users for whom the access rule is applied.
Available values:
Everyone—The access rule is applied to all users.
<user name>—Name of a user for whom the access rule is applied.
@<group name>—Name of a group of users for whom the access rule is applied.
Default value: Everyone
[RemovableDrivePrincipals.item_#.AccessRules.item_#]
Access rule settings.
UseRule
Specifies whether the rule is enabled or disabled.
Available values:
Yes—The access rule is enabled.
No—The access rule is disabled.
Default value: Yes
ScheduleName
Specifies schedule defined in the [Schedules.item_#] section. The access rule is applied only on the days and hours covered by the schedule.
Default value: Default
Access
Specifies access type.
Available values:
Allow—Access to removable drives is allowed.
Block—Access to removable drives is blocked.
Default value: Allow
Section [FloppyDrivePrincipals.item_#]
The [FloppyDrivePrincipals.item_#] section specifies access rules for floppy drives.
For floppy drives, at least one schedule must always be enabled. You can assign several access rules to a floppy drive.
Also, multiple schedules can be specified for a user or group of users. If access schedules for a user or group conflict, minimal access rights are granted.
Principal
Specifies a user or group of users for whom the access rule is applied.
Available values:
Everyone—The access rule is applied to all users.
<user name>—Name of a user for whom the access rule is applied.
@<group name>—Name of a group of users for whom the access rule is applied.
Default value: Everyone
[FloppyDrivePrincipals.item_#.AccessRules.item_#]
Access rule settings.
UseRule
Specifies whether the rule is enabled or disabled.
Available values:
Yes—The access rule is enabled.
No—The access rule is disabled.
Default value: Yes
ScheduleName
Specifies schedule defined in the [Schedules.item_#] section. The access rule is applied only on the days and hours covered by the schedule.
Default value: Default
Access
Specifies access type.
Available values:
Allow—Access to floppy drives is allowed.
Block—Access to floppy drives is blocked.
Default value: Allow
Section [OpticalDrivePrincipals.item_#]
The [OpticalDrivePrincipals.item_#] section specifies access rules for CD/DVD drives.
For CD/DVD drives, at least one schedule must always be enabled. You can assign several access rules to a CD/DVD drive.
Also, multiple schedules can be specified for a user or group of users. If access schedules for a user or group conflict, minimal access rights are granted.
Principal
Specifies a user or group of users for whom the access rule is applied.
Available values:
Everyone—The access rule is applied to all users.
<user name>—Name of a user for whom the access rule is applied.
@<group name>—Name of a group of users for whom the access rule is applied.
Default value: Everyone
[OpticalDrivePrincipals.item_#.AccessRules.item_#]
Access rule settings.
UseRule
Specifies whether the rule is enabled or disabled.
Available values:
Yes—The access rule is enabled.
No—The access rule is disabled.
Default value: Yes
ScheduleName
Specifies schedule defined in the [Schedules.item_#] section. The access rule is applied only on the days and hours covered by the schedule.
Default value: Default
Access
Specifies access type.
Available values:
Allow—Access to CD/DVD drives is allowed.
Block—Access to CD/DVD drives is blocked.
Default value: Allow