To edit a device access rule in Kaspersky Security Center:
Open Kaspersky Security Center Administration Console.
In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
In the workspace, select the Policies tab.
Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
In the policy properties window, select the Device Control section in the list on the left.
In the right part of the window, select the Device types tab.
The Device types tab contains access rules for all devices that are included in the classification of the Device Control component.
Select the access rule that you want to edit.
Click the Edit button. This button is only available for device types which have a file system.
The Configuring device access rules window opens.
By default, a device access rule grants all users full access to the specified type of devices at any time. In the Users and/or groups of users list, this access rule contains the All group. In the Rights of the selected group of users by access schedules table, this access rule contains the overall time interval of access to devices, with the rights to perform all kinds of operations with devices.
Edit the settings of the device access rule:
Select a user and/or group of users from the Users and/or groups of users list. To edit the Users and/or groups of users list, use the Add, Edit, and Delete buttons.
In the Rights of the selected group of users by access schedules table, configure the schedule for access to devices for the selected user and / or group of users. To do this, set the check boxes next to the names of the access schedules for devices that you want to use in the device access rule that is to be edited. To edit the list of access schedules to devices, use the Create, Edit, Copy, and Delete buttons in the Rights of the selected group of users by access schedules table.
For each device access schedule used in the rule being edited, specify the operations that are allowed when working with devices. To do so, in the Rights of the selected group of users by access schedules table, set the check boxes in the columns with the names of the relevant operations.
In the Configuring device access rules window, click OK.
After you have edited the default settings of a device access rule, the setting for access to the type of device in the Access column in the table on the Device types tab is changed to the Restrict by rules value.
Click the Apply button.
To edit a device access rule in the local interface:
In the left part of the window, in the Endpoint control section, select Device Control.
In the right part of the window, the Device Control component's settings are displayed.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.