Device Control task (Device_Control, ID:15)

When the Device Control task is running, Kaspersky Endpoint Security manages user access to the devices that are installed on or connected to the client device (for example, hard drives, cameras, or Wi-Fi modules). This lets you protect the client device from infection when external devices are connected, and prevent data loss or leaks.

By default, the Device Control task starts automatically when the application starts. You can stop the task at any moment if necessary.

The Device Control task manages user access to devices using the access rules. You can select the action to be performed by the Device Control task: apply rules or test rules.

Device Control task manages user access at the following levels:

• Device type. For example, printers, removable drives, or CD/DVD drives.
• Connection bus. Connection bus is an interface used to connect devices to the client device (USB or FireWire).
• Trusted devices. Trusted devices are devices to which users have full access.

  You can add devices to a list of trusted devices by ID. Each device has a unique DeviceId. You can view the IDs of the connected devices by executing the kesl-control --get-device-list command.

When a device, access to which is denied by the Device Control task, connects to a client device, the application denies the users specified in the rule access to this device and displays a notification. During attempts to read and write on this device, the application silently blocks the users specified in the rule from reading/writing.

If the Device Control task stops running, the application unblocks access to blocked devices.

In the general application settings, if the InterceptorProtectionMode setting is set to Notify, it is not possible to block access to devices using a device access schedule (the [Schedules.item_#] section).

Kaspersky Endpoint Security ignores the excluded mount points for the Device Control task. The access rules apply to devices mounted in a globally excluded mount point.