Open the Kaspersky Security Center Administration Console.
In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
In the workspace, select the Policies tab.
Select the necessary policy.
Double-click it to open the policy properties window.
In the Data Encryption section, select the Encryption of removable drives subsection.
Click the Add button, and in the drop-down list select one of the following items:
If you want to add encryption rules for removable drives that are in the list of trusted devices of the Device Control component, select From list of trusted devices of this policy.
The Add devices from the list of trusted devices window opens.
If you want to add encryption rules for removable drives that are in the Kaspersky Security Center list, select From Kaspersky Security Center list of devices.
The Add devices from Kaspersky Security Center list window opens.
If you selected From Kaspersky Security Center list of devices during the previous step, specify the filters for displaying devices in the table. To do so:
Specify the values of the following parameters: Display devices in the table for which the following is defined, Name, Computer, and Kaspersky Disk Encryption.
Click the Refresh button.
In the Encryption mode for selected devices drop-down list, select the action to be performed by Kaspersky Endpoint Security on files stored on the selected removable drives.
Select the Portable mode check box if you want Kaspersky Endpoint Security to prepare removable drives before encryption, making it possible to use encrypted files stored on them in portable mode.
Portable mode lets you use encrypted files stored on removable drives that are connected to computers without encryption functionality.
Select the Encrypt used disk space only check box if you want Kaspersky Endpoint Security to encrypt only those disk sectors that are occupied by files.
If you are applying encryption on a drive that is already in use, it is recommended to encrypt the entire drive. This ensures that all data is protected - even deleted data that might still contain retrievable information. The Encrypt used disk space only function is recommended for new drives that have not been previously used.
If a device was previously encrypted using the Encrypt used disk space only function, after applying a policy in Encrypt entire removable drive mode, sectors that are not occupied by files will still not be encrypted.
In the Actions for devices that were selected earlier drop-down list, select the action to be performed by Kaspersky Endpoint Security according to encryption rules that had been previously defined for removable drives:
If you want the previously created encryption rule for the removable drive to remain unchanged, select Skip.
If you want a previously created encryption rule for a removal drive to be replaced by the new rule, select Update.
Click OK.
Lines containing the parameters of the created encryption rules appear in the Custom rules table.
Click OK to save changes.
The added removable drive encryption rules are applied to removable drives that are connected to any computers controlled by the modified policy of Kaspersky Security Center.