Editing a device access rule

A device access rule is a group of settings that determine how users can access devices that are installed or connected to the computer. These settings include access to a specific device, an access schedule, and read or write permissions. You cannot add a device that is outside of Device Control classification. Access to such devices is allowed for all users.

To edit a device access rule:

  1. In the main application window, click the Application settings icon in the form of a gear wheel. button.
  2. In the application settings window, select Security ControlsDevice Control.
  3. In the Access settings block, click the Devices and Wi-Fi networks button.

    The opened window shows access rules for all devices that are included in the Device Control component classification.

    Window for configuring access to devices. The user can configure access to devices, and set additional access parameters, such as the access schedule.

    Types of devices in the Device Control component

  4. In the Access To Storage Devices block, select the access rule that you want to edit. The block contains devices that have a file system for which you can configure additional access settings. By default, a device access rule grants all users full access to the specified type of devices at any time.
    1. In the Access column, select the appropriate device access option:
      • Allow.
      • Block.
      • Depends on connection bus.

        To block or allow access to a device, configure access to the connection bus.

      • By rules.

        This option lets you configure user rights, permissions, and a schedule for device access.

    2. In the Users' rights block, click the Add button.

      This opens a window for adding a new device access rule.

    Device Control rule configuration window. The user can assign the rule priority, add users to the rule, and set the rule schedule.

    Device Control rule settings

    1. Assign a priority to the rule entry. A rule includes the following attributes: user account, schedule, permissions (read/write), and priority.

      A rule has a specific priority. If a user has been added to multiple groups, Kaspersky Endpoint Security regulates device access based on the rule with the highest priority. Kaspersky Endpoint Security allows to assign priority from 0 to 10,000. The higher the value, the higher the priority. In other words, an entry with the value of 0 has the lowest priority.

      For example, you can grant read-only permissions to the Everyone group and grant read/write permissions to the administrators group. To do so, assign a priority of 1 for the administrators group and assign a priority of 0 for the Everyone group.

      The priority of a block rule is higher than the priority of an allow rule. In other words, if a user has been added to multiple groups and the priority of all rules are the same, Kaspersky Endpoint Security regulates device access based on any existing block rule.

    2. Set the Enabled status for the device access rule.
    3. Configure users' device access permissions: read and/or write.

      You can select users in Active Directory, in the list of accounts in Kaspersky Security Center, or by entering a local user name manually. Kaspersky recommends using local user accounts only in special cases when it is not possible to use domain user accounts.

    4. Configure a device access schedule for users.
    5. Click Add.
  5. In the Access To External Devices block, select the rule and configure access: Allow, Block, or Depends on connection bus. If necessary, configure access to the connection bus.
  6. In the Access to Wi-Fi networks block, click the Wi-Fi link and configure access: Allow, Block, or Block with exceptions. If necessary, add Wi-Fi networks to the trusted list.

    A window with the list of Wi-Fi networks. The user can configure access to all Wi-Fi networks and add trusted Wi-Fi networks.

    Wi-Fi access settings

  7. Save your changes.
Page top