When the Device Control task is running, Kaspersky Endpoint Security manages user access to the devices that are installed on or connected to the client device (for example, hard drives, cameras, or Wi-Fi modules). This lets you protect the client device from infection when external devices are connected, and prevent data loss or leaks.
By default, the Device Control task starts automatically when the application starts. You can stop the task at any moment if necessary.
The Device Control task manages user access to devices using the access rules. You can select the action to be performed by the Device Control task: apply rules or notify about the start of a device that matches a rule.
Device Control task manages user access at the following levels:
You can add devices to a list of trusted devices by ID. Each device has a unique DeviceId. You can view the IDs of the connected devices by executing the kesl-control --get-device-list command.
When the task is launched for the first time, the DeviceAllowed event is generated for all detected devices with a known device or bus type. During subsequent launches, duplicate events are not generated for these devices if there have been no changes in the task settings for these devices.
If the Device Control task stops running, the application unblocks access to blocked devices.
In the general application settings, if the InterceptorProtectionMode setting is set to Notify, it is not possible to block access to devices using a device access schedule (the [Schedules.item_#] section).
Kaspersky Endpoint Security ignores the excluded mount points for the Device Control task. The access rules apply to devices mounted in a globally excluded mount point.