Device Control allows managing access to devices by type. The type of the device is determined by the operating system when the device is connected. You can look up the device type using the Device Manager tool built into the operating system. To manage access to devices, you must configure rules. A device access rule is a group of settings that determine how users can access devices that are installed or connected to the computer. These settings include access to a specific device, an access schedule, and read or write permissions. You cannot add a device that is outside of Device Control classification. Access to such devices is allowed for all users.
By default, Device Control allows access to all devices for all users.
You can configure access to devices as follows:
Allow.
Kaspersky Endpoint Security grants all users full access to devices.
Kaspersky Endpoint Security determines the connection interface of devices and restricts access to devices in accordance with their bus connection status. The application also allows connecting trusted devices.
By rules.
For some device types, you can designate individual users or a group of users that are allowed to use devices, set up a schedule for access to devices, and configure read and write permissions. The application also allows connecting trusted devices.
Be careful when configuring access to devices of the Hard drives type. If you block access to the system disk, the application may cause a crash (BSOD) when booting the operating system.
If a device does not fit in the Device Control classification scheme, access to such a device cannot be restricted.
Open the Kaspersky Security Center Administration Console.
In the console tree, select Policies.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Security Controls → Device Control.
Under Device Control settings, select the Types of devices tab.
The Types of devices tab shows access rules for all devices that are included in the Device Control classification.
Configure access rules for devices:
Select access mode: Allow, Block, Depends on connection bus, By rules.
To select the By rules mode, double-click to open access rule properties.
If you selected the Depends on connection bus access mode, go to the Connection buses tab and configure access rules for connection interfaces.
In the case of storage devices (for example, removable media), you can configure access permissions for individual users. You can also set up a schedule for access to devices and configure read and write permissions.
In the main window of the Web Console, select the Assets (Devices) → Policies & profiles tab.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Security Controls → Device Control.
In the Device Control Settings block, click the Access rules for devices and Wi-Fi networks link.
The table lists access rules for all devices that are present in the classification of the Device Control component.
Configure access rules for devices:
Select access mode: Allow, Block, Depends on connection bus, By rules.
If the access mode is missing from the drop-down menu, open the access rule properties by double-clicking the device type.
If you selected the Depends on connection bus access mode, go to the Connection buses tab and configure access rules for connection interfaces.
In the case of storage devices (for example, removable media), you can configure access permissions for individual users. You can also set up a schedule for access to devices and configure read and write permissions.
In the application settings window, select Security Controls → Device Control.
In the Access settings block, click the Devices and Wi-Fi networks link.
The table lists access rules for all devices that are present in the classification of the Device Control component.
Configure access rules for devices:
Select access mode: Allow, Block, Depends on connection bus, By rules.
If the access mode is missing from the drop-down menu, open the access rule properties by double-clicking the device type.
If you selected the Depends on connection bus access mode, go to the Connection buses tab and configure access rules for connection interfaces.
In the case of storage devices (for example, removable media), you can configure access permissions for individual users. You can also set up a schedule for access to devices and configure read and write permissions.
As a result, when a user attempts to gain access to a device, the application blocks access in accordance with the rules. Kaspersky Endpoint Security also logs a corresponding event. If you want to grant access to individual devices, you can add these devices to the list of trusted devices.