A device access rule is a group of settings that determine how users can access devices that are installed or connected to the computer. These settings include access to a specific device, an access schedule, and read or write permissions.
To edit a device access rule:
In the lower part of the main application window, click the button.
In the application settings window, select Protection → Security Controls → Device Control.
In the Configure access block, click the Devices and Wi-Fi networks button.
The opened window shows access rules for all devices that are included in the Device Control component classification.
In the Access to storage devices block, select the access rule that you want to edit. The block contains devices that have a file system for which you can configure additional access settings. By default, a device access rule grants all users full access to the specified type of devices at any time.
In the Access block, select the appropriate device access option:
This option lets you configure user rights, permissions, and a schedule for device access.
In the Users' rights block, click the Add button.
This opens a window for adding a new device access rule.
Assign a priority to the rule. A rule includes the following attributes: user account, schedule, permissions (read/write), and priority.
A rule has a specific priority. If a user has been added to multiple groups, Kaspersky Endpoint Security regulates device access based on the rule with the highest priority. Kaspersky Endpoint Security allows to assign priority from 0 to 10,000. The higher the value, the higher the priority. In other words, an entry with the value of 0 has the lowest priority.
For example, you can grant read-only permissions to the Everyone group and grant read/write permissions to the administrators group. To do so, assign a priority of 1 for the administrators group and assign a priority of 0 for the Everyone group.
The priority of a block rule is higher than the priority of an allow rule. In other words, if a user has been added to multiple groups and the priority of all rules are the same, Kaspersky Endpoint Security regulates device access based on any existing block rule.
Set the Enabled status for the device access rule.
Select the users or group of users to whom you want to apply the device access rule.
Configure a device access schedule for users.
Click the Add button.
In the Access to external devices block, select the rule and configure access: Allow, Deny, or Depends on connection bus. If necessary, configure access to the connection bus.
In the Access to Wi-Fi networks block, click the Wi-Fi link and configure access: Allow, Block, or Block with exceptions. If necessary, add Wi-Fi networks to the trusted list.