Kaspersky Embedded Systems Security controls registration and usage of the external devices and CD/DVD drives in order to protected device against computer security threats, that may occur in process of file exchange with flash drives or other type of external device connected via USB.
Kaspersky Embedded Systems Security controls the following USB external devices connections:
Kaspersky Embedded Systems Security informs you about all devices connected via USB with the corresponding event in the task and event logs. The event details include device type and connection path. When the Device Control task is started, Kaspersky Embedded Systems Security checks and lists all devices connected via USB. You can configure the notifications in the Kaspersky Security Center notification settings section.
The Device Control task monitors all the attempts of external devices connections to a protected device via USB and blocks connection, if there are no allowing rules for such devices. After the connection is blocked, the device is not available.
The application prescribes one of the following statuses to each connected external device:
You can create allowing rules for external devices to allow data exchange using the Rule Generator for Device Control task. You can also expand the usage scope for already specified rules. You cannot create allowing rules manually.
Kaspersky Embedded Systems Security identifies external devices that are registered in the system, by using the Device Instance Path value. Device Instance Path is a default feature uniquely specified for each external device. The Device Instance Path value is specified for each external device in its Windows properties and is automatically determined by Kaspersky Embedded Systems Security during rule generation.
The Device Control task can operate in two modes:
If an external device you consider to be untrusted is connected to a protected device before the Device Control task is run in the Active mode, the device is not blocked by the application. We recommend that you disconnect the untrusted device manually or restart the protected device. Otherwise, the Default Deny principle will not be applied to the device.
You can apply this mode for rules generation on the basis of the information about blocking devices logged during the task running.