Device Control

Device Control ensures the security of confidential data by restricting user access to devices that are installed on the computer or connected to it, including:

Data storage devices (hard drives, removable drives, tape drives, CD/DVD drives)
Data transfer tools (modems, external network cards)
Devices that are designed for converting data to hard copies (printers)
Connection buses (also referred to as simply "buses"), referring to interfaces for connecting devices to computers (such as USB, FireWire, and Infrared)

Device Control manages user access to devices by applying device access rules (also referred to as "access rules") and connection bus access rules (also referred to as "bus access rules").

If access to a device depends on the connection bus (the DC_Access_to_Bus status), Kaspersky Endpoint Security does not save device connection/disconnection events. To enable Kaspersky Endpoint Security to save device connection/disconnection events, allow access to the device (the DC_Access_Allow status) or add the device to the trusted list.

Device Control component settings

Parameter	Description
Allow requests for temporary access	If the check box is selected, the Request access button is available through the local interface of Kaspersky Endpoint Security. Clicking this button opens the Request access to device window. In this window, the user can request temporary access to a blocked device.
Access rules for devices and Wi-Fi networks	This table contains all possible types of devices according to the classification of the Device Control component, including their respective access statuses.
Connection buses	This table contains a list of all available connection buses according to the Device Control component's classification, including their respective access statuses.
Trusted devices	This table contains the following information: Name. This column displays the names of the trusted devices. Users. This column displays the names of the users and / or groups of users who are always granted full access to devices. Comment. The column shows information about trusted devices that was entered while devices were being added to the Trusted list. Device model / ID. This column displays the models and / or IDs of trusted devices. Device type. This column displays the type of a particular device.
Anti-Bridging	Connection rules table. If the rule is used, Kaspersky Endpoint Security: Blocks the active connection when establishing a new connection, if the device type specified in the rule is used for both connections. Blocks connections established using the device types for which lower-priority rules are used.
Templates	Message to user. The entry field contains the template of the message that is displayed when the user attempts to access a blocked device or to perform a forbidden operation with device content. Message to administrator. The entry field contains a template of the message that is sent to the LAN administrator when the user believes that access to the device is blocked or an operation with device content is forbidden by mistake.

See also: Managing the application via the local interface

About rules of access to devices and connection buses

About trusted devices

Enabling and disabling Device Control

Standard decisions on access to devices

Editing a device access rule

Adding or excluding records to or from the event log

Adding a Wi-Fi network to the trusted list

Editing a connection bus access rule

Actions with trusted devices

Editing templates of Device Control messages

Anti-Bridging

Obtaining access to a blocked device

Creating a key for accessing a blocked device using Kaspersky Security Center

Page top