Kaspersky Endpoint Security 11 for Windows

About access rules

April 25, 2024

ID 38436

Access rules comprise a group of settings that determine which users can access devices that are installed on or connected to the computer. You cannot add a device that is outside the Device Control classification. Access to such devices is allowed for all users.

Device access rules

The group of settings for an access rule differs depending on the type of device (see the table below).

Access rule settings

Settings (table columns):

  • Access control
  • Schedule for access to a device
  • Assignment of users and/or a group of users
  • Priority
  • Read/write permission

Devices (table rows):

  • Hard drives
  • Removable drives
  • Floppy disks
  • CD/DVD drives
  • Portable devices (MTP)
  • Printers
  • Modems
  • Tape devices
  • Multifunctional devices
  • Smart card readers
  • Windows CE USB ActiveSync devices
  • External network adapters
  • Bluetooth
  • Cameras and scanners

Mobile device access rules

Mobile devices running Android or iOS are categorized as portable devices (MTP). When a mobile device is connected to the computer, the operating system determines the device type. If Android Debug Bridge (ADB), iTunes or their equivalent applications are installed on the computer, the operating system identifies mobile devices as ADB or iTunes devices. In all other cases, the operating system may identify the mobile device type as a portable device (MTP) for file transfer, a PTP device (camera) for image transfer, or another device. The device type depends on the model of the mobile device.

Please note the following special considerations regarding access to ADB or iTunes devices:

  • You cannot configure a device access schedule. If access to devices is restricted by rules, ADB and iTunes devices are always accessible.
  • You cannot configure device access for individual users, or configure access permissions (read/write). If access to devices is restricted by rules, ADB and iTunes devices are accessible to all users with all permissions.
  • You cannot configure access to trusted ADB or iTunes devices for individual users. If the device is trusted, ADB and iTunes devices are accessible to all users.
  • If you installed the ADB or iTunes applications after connecting a device to the computer, the unique ID of the device may be reset. This means that Kaspersky Endpoint Security will identify this device as a new device. If a device is trusted, add the device to the trusted list again.
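
To see how Windows has identified a connected phone on a given computer, an administrator can list the present devices by device class. The script below is an added example, not part of the Kaspersky documentation; the mapping from Windows device classes and driver names to the device types described above is an assumption made for illustration.

```powershell
# Added example: report how Windows currently identifies phone-like devices.
# The class and name hints below are assumptions, not Kaspersky's own
# Device Control classification.
$classHints = [ordered]@{
    'WPD'                   = 'Portable device (MTP)'
    'Image'                 = 'PTP device (camera)'
    'AndroidUsbDeviceClass' = 'ADB device'
}

$report = Get-PnpDevice -PresentOnly | ForEach-Object {
    $hint = $null
    if ($_.Class -and $classHints.Contains($_.Class)) {
        $hint = $classHints[$_.Class]
    }
    elseif ($_.FriendlyName -like '*Apple Mobile Device*') {
        # Name-based heuristic for the driver installed with iTunes (assumption).
        $hint = 'iTunes device'
    }
    elseif ($_.FriendlyName -like '*ADB Interface*') {
        # Name-based heuristic for ADB drivers from other vendors (assumption).
        $hint = 'ADB device'
    }

    if ($hint) {
        [pscustomobject]@{
            IdentifiedAs     = $hint
            # Per the considerations above, schedules, per-user access and
            # read/write permissions cannot be configured for these two types.
            PerUserRulesWork = $hint -notin @('ADB device', 'iTunes device')
            FriendlyName     = $_.FriendlyName
            Class            = $_.Class
            InstanceId       = $_.InstanceId
        }
    }
}

if ($report) {
    $report | Sort-Object IdentifiedAs, FriendlyName | Format-Table -AutoSize -Wrap
}
else {
    Write-Output 'No present device matched the phone-related classes or names.'
}
```

Running it before and after installing ADB or iTunes shows whether the same phone changes type, and the InstanceId column helps when a trusted device has to be added to the trusted list again.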

By default, access rules grant all users full access to the devices at all times, if access to the connection buses for the corresponding types of devices is allowed.

Access rules for Wi-Fi networks

A Wi-Fi network access rule determines whether the use of Wi-Fi networks is allowed or forbidden. You can add a trusted Wi-Fi network to a rule. Use of a trusted Wi-Fi network is allowed without limitations. By default, a Wi-Fi network access rule allows access to any Wi-Fi network.

Connection bus access rules

Connection bus access rules determine whether the connection of devices is allowed or forbidden. Rules that allow access to buses are created by default for all connection buses that are present in the classification of the Device Control component.

A keyboard and mouse cannot be locked using Device Control. If you prohibit access to the USB connection bus, the user will continue to work with a keyboard and mouse connected via USB. The BadUSB Attack Prevention component is designed to prevent infected USB devices imitating keyboards from connecting to the computer.
