When the Device Control task is running, Kaspersky Industrial CyberSecurity for Linux Nodes manages user access to devices that are installed on the computer or connected to it (for example, hard drives, smart card readers, or Wi-Fi modules). This lets you protect the computer from infection when such devices are connected, and prevent data loss or leaks.
By default, the Device Control task starts automatically when the application starts. You can stop the task at any moment if necessary.
The Device Control task manages user access to devices using the access rules.
Device Control controls access at the following levels:
For each device type, you can specify the following access rules: Allow, Block, or DependsOnBus. If the DependsOnBus value is specified, access to the device is defined by the connection bus access rule.
For each connection bus, you can specify the following access rules: Allow or Block. For example, you can allow or block connection of all USB devices.
You can add devices to a list of trusted devices by ID. Each device has a unique ID. You can view the IDs of the connected devices by executing the kics-control --get-device-list command.
If a device blocked by the Device Control task is connected to the computer, the application blocks users' access to this device and displays a notification. You can view blocked devices in the list of connected devices (Blocked: Yes).
Kaspersky Industrial CyberSecurity for Linux Nodes ignores the excluded mount points for the Device Control task. The access rules apply to devices mounted in a globally excluded mount point.