About Device Control task

While the Device Control task is running, Kaspersky Endpoint Security manages user access to devices that are installed on or connected to the computer (for example, hard drives, smart card readers, or Wi-Fi modules). This lets you protect the computer from infection when such devices are connected, and prevent loss or leaks of data.

Device Control manages user access to devices by using access rules.

Device Control controls access at the following levels:

• Device class. For example, printers, removable drives, or CD/DVD drives.

  For each type of devices, you can specify Allow, Block, or DependsOnBus access rules. If the DependsOnBus value is specified, access to the device is defined by the connection bus access rule.

• Connection bus. A connection bus is an interface used for connecting devices to the computer (USB or FireWire).

  For each connection bus, you can specify Allow or Block access rules.For example, you can allow or block the connection of all devices over USB.

• Trusted devices. Trusted devices are devices to which users have full access.

  You can add devices to a list of trusted devices by the device ID. Each device has a unique ID. You can view ID of the connected devices by executing the kesl-control --get-device-list command.

When a device that is blocked by Device Control is connected to the computer, Kaspersky Endpoint Security blocks user access to this devices and shows a notification. You can view blocked devices in the list of connected devices (Blocked: Yes).

The Device Control task is started by default on Kaspersky Endpoint Security start. You can stop the task at any time if necessary.

Page top