Open the Kaspersky Security Center Administration Console.
In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
In the workspace, select the Policies tab.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Data Encryption → Encryption of removable drives.
Click the Add button, and in the drop-down list select one of the following items:
If you want to add encryption rules for removable drives that are in the list of trusted devices of the Device Control component, select From list of trusted devices of this policy.
If you want to add encryption rules for removable drives that are in the Kaspersky Security Center list, select From Kaspersky Security Center list of devices.
In the Encryption mode for selected devices drop-down list, select the action to be performed by Kaspersky Endpoint Security on files stored on the selected removable drives.
Select the Portable mode check box if you want Kaspersky Endpoint Security to prepare removable drives before encryption, making it possible to use encrypted files stored on them in portable mode.
Portable mode lets you use encrypted files stored on removable drives that are connected to computers without encryption functionality.
Select the Encrypt used disk space only check box if you want Kaspersky Endpoint Security to encrypt only those disk sectors that are occupied by files.
If you are applying encryption on a drive that is already in use, it is recommended to encrypt the entire drive. This ensures that all data is protected - even deleted data that might still contain retrievable information. The Encrypt used disk space only function is recommended for new drives that have not been previously used.
If a device was previously encrypted using the Encrypt used disk space only function, after applying a policy in Encrypt entire removable drive mode, sectors that are not occupied by files will still not be encrypted.
In the Actions for devices that were selected earlier drop-down list, select the action to be performed by Kaspersky Endpoint Security according to encryption rules that had been previously defined for removable drives:
If you want the previously created encryption rule for the removable drive to remain unchanged, select Skip.
If you want a previously created encryption rule for a removal drive to be replaced by the new rule, select Update.
Save your changes.
The added encryption rules for removable drives will be applied to removable drives connected to any computers in the organization.