Device Control allows controlling access to devices by device type. The type of a device is determined by the operating system when the device is connected. You can find out the device type using the Device manager tool built into the operating system. To manage device access, you need to configure rules. A device access rule is a group of settings that determine how users can access devices that are installed or connected to the computer. These settings include access to a specific device, an access schedule, read or write permissions and others. The group of settings for an access rule differs depending on the type of device.
You can configure device access as follows:
Allow.
Kaspersky Embedded Systems Security grants full access to devices to all users.
Kaspersky Embedded Systems Security identifies the connection bus of the device and performs access control in accordance with the access mode of the connection bus. The application also allows connecting trusted devices.
Be careful when configuring access to devices of the Hard drives type. If you prohibit access to the system drive, the application may crash the booting operating system (BSOD).
If a device falls outside the Device Control classification scheme, access to such a device cannot be restricted.
In the Kaspersky Security Center Administration Console tree, select the Policies folder.
Select the necessary policy and double-click to open the policy properties.
In the policy properties window, select Local activity control.
In the Device Control section, click Settings.
Select the Device Control check box.
In the Operating mode for blocking rules block, select Block or Inform.
Under Device Control settings, select the Types of devices tab.
The Types of devices tab shows access rules for all devices that are included in the Device Control component classification.
Configure the device access rules:
Select an access mode: Allow, Block, Depends on connection bus, By rules.
To select the By rules access mode, you must double-click to open access rule properties.
If you select the Depends on connection bus access mode, you must configure access rules for connection interfaces on the Connection buses tab.
For storage devices (for example, removable drives), you can configure access rights of individual users. You can also configure a device access schedule and configure read and write permissions.
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Embedded Systems Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Local activity control → Device Control and click the Configure button.
The Device Control window opens.
Select the Enable Device Control check box.
In the Operating mode for blocking rules block, select Block or Inform.
In the Device Control Settings block, click Access rules for devices and Wi-Fi networks.
A window opens with access rules for all devices that are included in the Device Control component classification.
Configure the device access rules:
Select an access mode: Allow, Block, Depends on connection bus, By rules.
If the access mode is not available in the drop-down menu, open the properties of the access rule by double-clicking the device type.
If you select the Depends on connection bus access mode, you must go back to the window with general Device Control settings, click Connection buses, and configure access rules for connection interfaces.
For storage devices (for example, removable drives), you can configure access rights of individual users. You can also configure a device access schedule and configure read and write permissions.
In the Kaspersky Embedded Systems Security Console tree, select Computer Control → Device Control.
In the results pane of the Device Control node, click Properties.
The Properties:Device Control window opens.
Select the Device Control check box.
In the Operating mode for blocking rules block, select Block or Inform.
Under Device Control settings, select the Types of devices tab.
A window opens with access rules for all devices that are included in the Device Control component classification.
Configure the device access rules:
Select access mode: Allow, Block, Depends on connection bus, By rules.
To select the By rules access mode, you must double-click to open access rule properties.
If you select the Depends on connection bus access mode, you must configure access rules for connection interfaces on the Connection buses tab.
For storage devices (for example, removable drives), you can configure access rights of individual users. You can also configure a device access schedule and configure read and write permissions.
As a result, when the user attempts to gain access to the device, the application blocks the access in accordance with the rules. Kaspersky Embedded Systems Security also logs the corresponding event. If you want to grant access to individual devices, you can add these devices to the list of trusted devices.
.
.