When the Device Control task is running, Kaspersky Endpoint Security manages user access to devices that are installed on or connected to the computer (for example, hard drives, smart card readers, or Wi-Fi modules). This lets you protect the computer from infection when such devices are connected, and prevent data loss or leaks.
By default, the Device Control task starts automatically when the application starts. You can stop the task at any moment if necessary.
The Device Control task manages user access to devices using the access rules.
Device Control task manages user access at the following levels:
For each device type, you can specify the following access rules: Allow, Block, or DependsOnBus. If the DependsOnBus value is specified, access to the device is defined by the connection bus access rule.
For each connection bus, you can specify the following access rules: Allow or Block. For example, you can allow or block connection of all USB devices.
You can add devices to a list of trusted devices by ID. Each device has a unique ID. You can view the IDs of the connected devices by executing the kesl-control --get-device-list command.
If a device blocked by Device Control task is connected to a computer, the application blocks user access to this device and shows a notification. You can view blocked devices in the list of connected devices (Blocked: Yes).
Kaspersky Endpoint Security ignores the excluded mount points for the Device Control task. The access rules apply to devices mounted in a globally excluded mount point.