Device Control allows managing the Wi-Fi connection of the computer (laptop). Public Wi-Fi networks may be insecure, and using such networks can result in data loss. Device Control lets you block a user from connecting to Wi-Fi or allow connecting only to trusted networks. For example, you can allow connecting only to the corporate Wi-Fi network that is sufficiently secure. Device Control will block access to all Wi-Fi networks except those specified in the trusted list.
On computers running Windows 11, you need to enable Location services in order to control Wi-Fi connections. To do this, you need to enable the Location services switch in the operating system settings (Settings → Privacy & security → Location). If Location services are disabled, Kaspersky Endpoint Security does not control connections to Wi-Fi networks.
Open the Kaspersky Security Center Administration Console.
In the console tree, select Policies.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Security Controls → Device Control.
Under Device Control settings, select the Types of devices tab.
The table lists access rules for all devices that are present in the classification of the Device Control component.
In the context menu for the Wi-Fi device type, select the Device Control action that is taken when connecting to Wi-Fi: Allow (), Block (), or Block with exceptions ().
If you selected the Block with exceptions option, create a list of trusted Wi-Fi networks:
Double-click to open the list of trusted Wi-Fi networks.
In the Trusted Wi-Fi networks block, click the Add button.
This opens a window; in that window, configure the trusted Wi-Fi network (see figure below):
Network name. Name or SSID (Service Set Identifier) of the Wi-Fi network.
Authentication type. Authentication type used when connecting to the Wi-Fi network.
Starting with Kaspersky Endpoint Security for Windows version 12.0, the WPA3 protocol support has been added to the application. If a Kaspersky Endpoint Security version 12.2 policy is applied on a computer, the WPA2 protocol is selected on computers with Kaspersky Endpoint Security version 11.11.0 and earlier; WPA2 / WPA3 is selected for versions 12.0 to 12.1; WPA3 is selected for versions 12.2 and later.
Encryption type. Encryption type used to protect the Wi-Fi traffic.
Comment. Further info about the added Wi-Fi network.
You can view the settings of the trusted Wi-Fi network in router settings.
A Wi-Fi network is considered trusted if its settings match all settings specified in the rule.
In the main window of the Web Console, select Devices → Policies & profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Security Controls → Device Control.
In the Device Control Settings block, click the Access rules for devices and Wi-Fi networks link.
The table lists access rules for all devices that are present in the classification of the Device Control component.
In the Access to Wi-Fi networks block, click the Wi-Fi link.
Under Access to Wi-Fi networks, select the Device Control action taken when connecting to Wi-Fi: Allow, Block, or Block with exceptions.
If you selected the Block with exceptions option, create a list of trusted Wi-Fi networks:
Double-click to open the list of trusted Wi-Fi networks.
In the Trusted Wi-Fi networks block, click the Add button.
This opens a window; in that window, configure the trusted Wi-Fi network (see figure below):
Network name. Name or SSID (Service Set Identifier) of the Wi-Fi network.
Authentication type. Authentication type used when connecting to the Wi-Fi network.
Starting with Kaspersky Endpoint Security for Windows version 12.0, the WPA3 protocol support has been added to the application. If a Kaspersky Endpoint Security version 12.2 policy is applied on a computer, the WPA2 protocol is selected on computers with Kaspersky Endpoint Security version 11.11.0 and earlier; WPA2 / WPA3 is selected for versions 12.0 to 12.1; WPA3 is selected for versions 12.2 and later.
Encryption type. Encryption type used to protect the Wi-Fi traffic.
Comment. Further info about the added Wi-Fi network.
You can view the settings of the trusted Wi-Fi network in router settings.
A Wi-Fi network is considered trusted if its settings match all settings specified in the rule.
In the application settings window, select Security Controls → Device Control.
In the Access settings block, click the Devices and Wi-Fi networks button.
The opened window shows access rules for all devices that are included in the Device Control component classification.
In the Access to Wi-Fi networks block, click the Wi-Fi link.
The opened window shows the Wi-Fi network access rules.
Wi-Fi access settings
Under Access, select the Device Control action taken when connecting to Wi-Fi: Allow, Block, or Block with exceptions.
If you selected the Block with exceptions option, create a list of trusted Wi-Fi networks:
In the Trusted Wi-Fi networks block, click the Add button.
This opens a window; in that window, configure the trusted Wi-Fi network (see figure below):
Network name. Name or SSID (Service Set Identifier) of the Wi-Fi network.
Authentication type. Authentication type used when connecting to the Wi-Fi network.
Starting with Kaspersky Endpoint Security for Windows version 12.0, the WPA3 protocol support has been added to the application. If a Kaspersky Endpoint Security version 12.2 policy is applied on a computer, the WPA2 protocol is selected on computers with Kaspersky Endpoint Security version 11.11.0 and earlier; WPA2 / WPA3 is selected for versions 12.0 to 12.1; WPA3 is selected for versions 12.2 and later.
Encryption type. Encryption type used to protect the Wi-Fi traffic.
Comment. Further info about the added Wi-Fi network.
You can view the settings of the trusted Wi-Fi network in router settings.
A Wi-Fi network is considered trusted if its settings match all settings specified in the rule.
Save your changes.
Trusted Wi-Fi network settings
As a result, when a user tries connecting to a Wi-Fi network that is not listed as trusted, the application blocks the connection and displays a notification (see figure below).