Device Control

Device Control manages user access to devices that are installed on or connected to the computer (for example, hard drives, cameras, or Wi-Fi modules). This lets you protect the computer from infection when such devices are connected, and prevent loss or leaks of data.

Device Control provides the following functionality:

• Managing user access permissions to storage devices (for example, removable drives, mobile phones, CD/DVD drives, and so on).
• Controlling the connection of devices without a file system (for example, external modems, Bluetooth adapters, USB keyboards, and so on).
• Managing Wi-Fi connections.

By default, Device Control is disabled. When you enable Device Control, by default, Kaspersky Embedded Systems Security denies access to the following device types:

• Removable drives (including USB flash drives)
• Floppy disks
• CD/DVD drives
• Portable devices (MTP)
• Modems.
• Smart card readers
• External network adapters
• Bluetooth (except input devices)

Device Control levels

Kaspersky Embedded Systems Security controls device access on the following levels:

1. Device type.

   When connecting a device to the computer, the operating system determines the type of the device: printer, removable drive, CD/DVD drive, and so on. On this level, you can allow or deny the connection of devices by type.

2. Connection bus.

   A connection bus is an interface used for connecting devices to the computer. Some device types have multiple connection interfaces. For example, you can connect a printer to USB or serial (COM) port.

   At this level, you can allow or deny access to devices depending on connection bus.

   For example, suppose you denied access via USB. Kaspersky Embedded Systems Security denies access to all device types with Depends on connection bus mode when connected via USB.

   If the Allow or Block access mode is selected for the device, access control disregards the connection bus of the device.

3. Trusted devices.

   Trusted devices are devices to which users that are specified in the trusted device settings have full access at all times.

Device Control operating modes

Device Control can work in the following modes:

• Active mode.

  Kaspersky Embedded Systems Security denies or allows devices based on configured device access rules. The application also allows access to trusted devices. The application registers device connection and disconnection events.

• Inform.

  Kaspersky Embedded Systems Security allows all devices and logs corresponding events. All devices are allowed. This mode is set by default. You can enable this mode to conduct an audit of devices in your organization and use this information to draft a list of trusted devices.

In this Help section Device Access Rules Device Access Control by type Control of Wi-Fi connections Control of printing Input device control (HID) Monitoring usage of removable drives Managing access to Bluetooth devices Differentiation of user access rights to devices External device audit Adding trusted devices Exporting and importing the list of trusted devices

Page top