Adding a device to the Trusted list from Kaspersky Security Center

Kaspersky Security Center receives information about devices if Kaspersky Endpoint Security is installed on the computers and Device Control is enabled. It is not possible to add a device to the trusted list unless information about that device is available in Kaspersky Security Center.

You can add a device to the trusted list according to the following data:

• Devices by ID. Each device has a unique identifier (Hardware ID, or HWID). You can view the ID in the device properties by using operating system tools. Example device ID: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&354AE4D7&0&000000. Adding devices by ID is convenient if you want to add several specific devices.
• Devices by model. Each device has a vendor ID (VID) and a product ID (PID). You can view the IDs in the device properties by using operating system tools. Template for entering the VID and PID: VID_1234&PID_5678. Adding devices by model is convenient if you use devices of a certain model in your organization. This way, you can add all devices of this model.
• Devices by ID mask. If you are using multiple devices with similar IDs, you can add devices to the trusted list by using masks. The * character replaces any set of characters. Kaspersky Endpoint Security does not support the ? character when entering a mask. For example, WDC_C*.
• Devices by model mask. If you are using multiple devices with similar VIDs or PIDs (for example, devices from the same manufacturer), you can add devices to the trusted list by using masks. The * character replaces any set of characters. Kaspersky Endpoint Security does not support the ? character when entering a mask. For example, VID_05AC & PID_ *.

To add devices to the list of trusted devices:

1. Open the Kaspersky Security Center Administration Console.
2. In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
3. In the workspace, select the Policies tab.
4. Select the necessary policy and double-click to open the policy properties.
5. In the policy window, select Security Controls → Device Control.
6. In the right part of the window, select the Trusted devices tab.
7. Select the Merge values when inheriting check box if you want to create a consolidated list of trusted devices for all computers in the company.

   The lists of trusted devices in the parent and child policies will be merged. The lists will be merged provided that merging values when inheriting is enabled. Trusted devices from the parent policy are displayed in child policies in a read-only view. Changing or deleting trusted devices of the parent policy is not possible.

8. Click the Add button and select a method for adding a device to the trusted list.
9. To filter devices, select a device type from the Device type drop-down list (for example, Removable drives).
10. In the Name / Model field, enter the device ID, model (VID and PID) or mask, depending on the selected addition method.

    Adding devices by model mask (VID and PID) works as follows: if you enter a model mask that does not match any model, Kaspersky Endpoint Security checks if the device ID (HWID) matches the mask. Kaspersky Endpoint Security checks only the part of the device ID that determines the manufacturer and the type of the device (SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&354AE4D7&0&000000). If the model mask matches this part of the device ID, the devices that match the mask will be added to the list of trusted devices on the computer. At the same time, the list of devices in Kaspersky Security Center remains empty when you click the Refresh button. To display the list of devices correctly, you can add devices by device ID mask.

11. To filter devices, in the Computer name field, enter the computer name or a mask for the name of the computer to which the device is connected.

    The * character replaces any set of characters. The ? character replaces any single character.

12. Click the Refresh button.

    The table displays a list of devices that satisfy the defined filtering criteria.

13. Select the check boxes next to the names of devices that you want to add to the trusted list.
14. In the Comment field, enter a description of the reason for adding devices to the trusted list.
15. Click the Select button to the right of the Allow to users and / or groups of users field.
16. Select a user or a group in Active Directory and confirm your selection.

    By default, access to trusted devices is allowed for the Everyone group.

17. Save your changes.

When a device is connected, Kaspersky Endpoint Security checks the list of trusted devices for an authorized user. If the device is trusted, Kaspersky Endpoint Security allows access to the device with all permissions, even if access to the device type or connection bus is denied. If the device is untrusted and access is denied, you can request access to the locked device.