Device Control

for Windows, macOS, and Linux

Device Control manages user access to devices that are installed on or connected to a computer (for example, hard drives, cameras, or Wi-Fi modules). This lets you protect the computer from infection when such devices are connected, and prevent data loss or data leaks.

Device Control allows or blocks access to devices on the following levels:

Device type. For example, printers, removable drives, and CD/DVD drives.
Connection bus. A connection bus is an interface used for connecting devices to a device (for example, USB or FireWire). If the Depends on bus mode is selected for the device type, the application controls access to the device in accordance with the mode for the bus to which the device connects (for example, USB).
Trusted devices. Trusted devices are devices to which specified users or user groups have full access at all times.
You can add trusted devices based on the following data:
- Windows macOS Model. Each device has a vendor ID (VID) and a product ID (PID). You can view the IDs in the device properties by using operating system tools. Template for entering the VID and PID: VID_1234&PID_5678. Adding devices by model is convenient if you use devices of a certain model in your organization. This way, you can add all devices of this model.
- ID. Each device has a unique identifier (Hardware ID, or HWID). You can view the ID in the device properties by using operating system tools. Example of a device ID: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&354AE4D7&0&000000. Adding devices by ID is convenient if you want to add several specific devices.
- Windows macOS Devices by model mask. If you are using multiple devices with similar VIDs or PIDs (for example, devices from the same manufacturer), you can add devices to the trusted list by using masks. The * character replaces any set of characters. The ? character replaces any single character. For example, VID_05AC&PID_*.
- Devices by ID mask. If you are using multiple devices with similar IDs, you can add devices to the trusted list by using masks. The * character replaces any set of characters. The ? character replaces any single character. For example, WDC_C*.

Linux For Linux devices, the action performed by the component depends on the file operations interception mode selected in the General settings section, the Detection settings subsection.

Device Control settings

Settings	OS	Description
Trusted devices	`Windows` `macOS` `Linux`	List of trusted devices and users who are granted access to these devices. Kaspersky Endpoint Security supports the `*` and `?` characters when entering a mask.
Message templates	`Windows` `Linux`	Template of the message that appears when a user attempts to access a blocked device. This message also appears when a user attempts to perform an operation on the device contents that was blocked for this user. A template of the message that is sent to the LAN administrator when the user believes that access to the device is blocked or an operation with device content is forbidden by mistake.
Device access rules	`Windows` `macOS` `Linux`	This table contains all possible types of devices according to the classification of the Device Control component, including their respective access statuses.
Allow requests for temporary access	`Windows` `Linux`	If the check box is selected, the Request access button is available through the local interface of Kaspersky Endpoint Security. Using this button, the user can request temporary access to a blocked device.
Operating mode	`Linux`	Kaspersky Endpoint Security performs the selected action when an attempt is made to gain access to the device to which access is blocked in accordance with Device Control settings. Inform. If you select this option, Kaspersky Endpoint Security tests the selected access mode and generates an event for the detected attempt to gain access to the device. Block. If you select this option, Kaspersky Endpoint Security applies the access mode set for the device or bus.
Devices and Wi-Fi networks	`Windows` `macOS` `Linux`	A list of all available device types according to the Device Control component's classification, including their respective access statuses.
Connection buses	`Windows` `Linux`	A list of all available connection buses according to the Device Control component's classification, including their respective access statuses. Kaspersky Endpoint Security allows or denies access to devices depending on the type of connection bus if Depends on connection bus mode is selected.
Anti-Bridging	`Windows`	Anti-Bridging inhibits the creation of network bridges by preventing the simultaneous establishment of multiple network connections for a computer. This lets you protect a corporate network from attacks over unprotected, unauthorized networks. Anti-Bridging blocks the establishment of multiple connections according to the priorities of devices. The higher a device is on the list, the higher its priority. If an active connection and a new connection are both of the same type (for example, Wi-Fi), Kaspersky Endpoint Security blocks the active connection and allows establishment of the new connection. If an active connection and a new connection are of different types (for example, a network adapter and Wi-Fi), Kaspersky Endpoint Security blocks the connection with the lower priority and allows the connection with the higher priority. Anti-Bridging supports operation with the following types of devices: network adapter, Wi-Fi, and modem.

Page top