When the Device Control task is running, Kaspersky Industrial CyberSecurity for Linux Nodes manages user access to devices that are installed on or connected to the client device (for example, hard drives, cameras, or Wi-Fi modules). This lets you protect the client device from infection when external devices are connected, and prevent data loss or leaks.
By default, the Device Control task starts automatically when the application starts. You can stop the task at any moment if necessary.
The Device Control task manages user access to devices using the access rules. You can select the action to be performed by the Device Control task: apply rules or test rules.
Device Control task manages user access at the following levels:
You can add devices to a list of trusted devices by ID. Each device has a unique DeviceId
. You can view the IDs of the connected devices by executing the kics-control --get-device-list
command.
When a device, access to which is denied by the Device Control task, connects to a client device, the application denies the users specified in the rule access to this device and displays a notification. During attempts to read and write on this device, the application silently blocks the users specified in the rule from reading/writing.
If the Device Control task stops running, the application unblocks access to blocked devices.
In the general application settings, if the InterceptorProtectionMode
setting is set to Notify
, it is not possible to block access to devices using a device access schedule (the [Schedules.item_#]
section).
Kaspersky Industrial CyberSecurity for Linux Nodes ignores the excluded mount points for the Device Control task. The access rules apply to devices mounted in a globally excluded mount point.