Monitoring operations on files on removable drives.
Monitoring connection and disconnection of trusted removable drives.
Kaspersky Embedded Systems Security allows monitoring connection and disconnection of all trusted devices and not only removable drives. You can turn on event logging in notification settings for the Device Control component. Events have the Informational severity level.
In the Kaspersky Embedded Systems Security Console tree, select Computer Control → Device Control.
In the results pane of the Device Control node, click Properties.
The Properties:Device Control window opens.
Select the Device Control check box.
In the Operating mode for blocking rules block, select Block or Inform.
Under Device Control settings, select the Types of devices tab.
A window opens with access rules for all devices that are included in the Device Control component classification.
Select the Removable drives device type and click the Logging button.
This opens the event logging window.
Select the Enable logging check box.
In the File operations block, select the operations that you want to monitor: Write, Delete.
In the Filter by file formats block, select the formats of files whose associated operations should be logged by Device Control.
Select the users or group of users whose use of removable drives you want to monitor.
Save your changes.
As a result, when users write to files located on removable drives or delete files from removable drives, Kaspersky Embedded Systems Security will save information about such operations to the event log and send events to Kaspersky Security Center. You can view events associated with files on removable drives in the Kaspersky Security Center Console in the workspace of the Administration Server node on the Events tab. For events to be displayed in the local Kaspersky Embedded Systems Security event log, you must select the File operation performed check box in the notifications settings for the Device Control component.
.
.