Device Control task settings

Support

Support for business applications

Kaspersky Endpoint Security 11 for Linux

Device Control task (Device_Control, ID:15)

Device Control task settings

December 12, 2023

ID 233755

The table describes all available values and the default values of all the settings that you can specify for the Device Control task.

Device Control task settings

Setting

Description

Values

RulesAction

Action performed by the application upon an attempt to access a device protected by the access rules.

ApplyRules (default value): the Application Control rules are applied and the action specified in the rules is performed.

TestRules: the application tests the rules, allows access, and generates an event about the detection of a device that meets the rule.

The [DeviceClass] section contains access modes for devices depending on their type.

HardDrive

Access mode for the hard drives connected to a client device.

Allow — Users are allowed access to hard drives.

DependsOnBus (default value) — Access to the hard drives depends on the connection bus access rule.

Block — Access to all hard drives (except system hard drives, which are never blocked by the Device Control task) is blocked for users.

ByRule — Access to the hard drives depends on the access rules.

RemovableDrive

Access mode for the removable drives connected to a client device.

Allow — Access to the removable drives is allowed for users.

DependsOnBus (default value) — Access to the removable drives depends on the connection bus access rule.

Block — Access to the removable drives is blocked for users.

ByRule — Access to the removable drives depends on the access rules.

FloppyDrive

Access mode for the floppy disks connected to a client device.

The application does not block floppy disks connected to the client device using the ISA bus.

Allow — Users are allowed access to floppy disks.

DependsOnBus (default value) — Access to floppy disks depends on the connection bus access rule.

Block — Access to floppy disks is blocked for users.

ByRule — Access to floppy disks depends on the access rules.

OpticalDrive

Access mode for the CD/DVD drives connected to a client device.

Allow — Users are allowed access to CD/DVD drives.

DependsOnBus (default value) — Access to CD/DVD drives depends on the connection bus access rule.

Block — Access to CD/DVD drives is blocked for users.

ByRule — Access to CD/DVD drives depends on the access rules.

SerialPortDevice

Access mode for the devices connected to a client device via a serial port.

The application does not block the devices connected to a client device via a serial port using the ISA bus.

Allow — Users are allowed access to devices connected through a serial port.

DependsOnBus (default value) — Access to devices connected through a serial port depends on the connection bus access rule.

Block — Access to devices connected through a serial port is blocked for users.

ParallelPortDevice

Access mode for the devices connected to a client device via a parallel port.

Allow — Users are allowed access to devices connected through a parallel port.

DependsOnBus (default value) — Access to devices connected through a parallel port depends on the connection bus access rule.

Block — Access to devices connected through a parallel port is blocked for users.

Printer

Access mode for the printers connected to a client device.

Allow — Users are allowed access to printers.

DependsOnBus (default value) — Access to printers depends on the connection bus access rule.

Block — Access to printers is blocked for users.

Modem

Access mode for the modems connected to a client device.

Allow — Users are allowed access to modems.

DependsOnBus (default value) — Access to modems depends on the connection bus access rule.

Block — Access to modems is blocked for users.

TapeDrive

Access mode for the tape devices connected to a client device.

Allow — Users are allowed access to tape devices.

DependsOnBus (default value) — Access to tape devices depends on the connection bus access rule.

Block — Access to tape devices is blocked for users.

MultifuncDevice

Access mode for the multifunctional devices connected to a client device.

Allow — Users are allowed access to multifunctional devices.

DependsOnBus (default value) — Access to multifunctional devices depends on the connection bus access rule.

Block — Access to multifunctional devices is blocked for users.

SmartCardReader

Access mode for the smart card readers connected to a client device.

Allow — Access to smart card readers is allowed for users.

DependsOnBus (default value) — Access to smart card readers depends on the connection bus access rule.

Block — Access to smart card readers is blocked for users.

WiFiAdapter

Access mode for the Wi-Fi adapters connected to a client device.

Allow — Users are allowed access to Wi-Fi adapters.

DependsOnBus (default value) — Access to Wi-Fi adapters depends on the connection bus access rule.

Block — Access to the Wi-Fi adapters is blocked for users.

NetworkAdapter

Access mode for the external network adapters connected to a client device.

Allow — Users are allowed access to external network adapters.

DependsOnBus (default value) — Access to external network adapters depends on the connection bus access rule.

Device Control does not allow denying access to external network adapters in order to avoid disconnecting the client device from the network.

PortableDevice

Access mode for the portable devices connected to a client device.

Allow — Users are allowed access to portable devices.

DependsOnBus (default value) — Access to portable devices depends on the connection bus access rule.

Block — Access to portable devices is blocked for users.

BluetoothDevice

Access mode for the Bluetooth devices connected to a client device.

Allow — Users are allowed access to Bluetooth devices.

DependsOnBus (default value) — Access to Bluetooth devices depends on the connection bus access rule.

Block — Access to Bluetooth devices is blocked for users.

ImagingDevice

Access mode for the imaging devices connected to a client device.

Allow—Access to all imaging devices is allowed for users.

DependsOnBus (default value) — Access to imaging devices depends on the connection bus access rule.

Block—Access to all imaging devices is blocked for users.

SoundAdapter

Access mode for the sound adapters connected to a client device.

Allow—Access to all sound adapters is allowed for users.

DependsOnBus (default value) — Access to sound adapters depends on the connection bus access rule.

Block—Access to all sound adapters is blocked for users.

InputDevice

Access mode for the input devices (keyboards, mouse, touchpad, and others) connected to a client device.

Allow — Users are allowed access to input devices.

DependsOnBus (default value) — Access to input devices depends on the connection bus access rule.

Block — Access to input devices is blocked for users.

The [DeviceBus] section contains connection bus access rules that determine whether the connection of devices is allowed or blocked.

USB

Connection bus access rules for the devices connected to a client device via USB interface.

Allow (default value) — Users are allowed access to USB-devices.

Block — Access to USB-devices is blocked for users.

FireWire

Connection bus access rules for the devices connected to a client device via FireWire interface.

Allow (default value) — Users are allowed access to devices connected via the FireWire interface.

Block — Access to devices connected via the FireWire interface is blocked for users.

The [TrustedDevices.item_#] section contains trusted devices, access to which is not restricted by the rules from the [DeviceClass] and [DeviceBus] sections.

DeviceId

Specifies ID or ID mask of a trusted device.

You can use the masks * (any sequence of characters) or ? (any single character) to indicate the device ID.

Comment

Comment to the specified trusted device.

—

The [Schedules.item_#] section contains the device access schedule. You can configure a schedule only for hard drives, removable drives, floppy disks, and CD/DVD drives.

ScheduleName

Specifies a schedule name.

The schedule name must be unique.

The default value: Default.

The Default schedule provides users full access to devices at any time if the connection bus is allowed to access the corresponding device type.

You cannot delete the Default schedule.

DaysHours

Specifies time intervals for a schedule.

All (default value) — The schedule is valid 24/7 (no time limitation).

<week_day> — Days of the week. You can use either the full week day names or abbreviations (for example, for Monday, you can specify Mo, or Mon, or Monday). For week days, you can specify intervals or specific days. The week starts from Sunday.

<hour> — Hours [0:24]. You can specify only intervals for hours.

Examples:

Schedule_1 is valid from Sunday till Saturday from 0 a.m. to 11 a.m., from 12 p.m. to 3 p.m., and from 4 p.m. to 12 a.m.:

[Schedules.item_0001]

ScheduleName=schedule_1

DaysHours=Su-Sa:0..11,12..15,16..24

Schedule_2 is valid for the following intervals: on Thursdays from 12 p.m. to 2 p.m. and on Fridays from 2 a.m. to 3 p.m. and from 4 p.m. to 12 a.m.:

[Schedules.item_0002]

ScheduleName=schedule_2

DaysHours=Th:12..14;Fr:2..15,16..24

Schedule_3 is valid 24 hours 7 days a week:

[Schedules.item_0003]

ScheduleName=schedule_3

DaysHours=All

The [HardDrivePrincipals.item_#] section contains hard drive access rules.

For hard drives, at least one schedule must always be enabled. You can assign several access rules to a hard drive. Also, multiple schedules can be specified for a user or group of users. If an access rule conflict occurs for a user or group, the minimum access rights are granted.

Principal

Specifies a user or group of users for whom the access rule is applied.

\Everyone (default value) — The access rule applies to all users.

<user name> — Name of the user to whom the access rule applies.

@<group name> — Name of the group of users to whom the access rule applies.

[HardDrivePrincipals.item_#.AccessRules.item_#]

Access rule settings.

—

UseRule

Specifies whether the rule is enabled or disabled.

Yes (default value) — The access rule is enabled.

No — The access rule is disabled.

ScheduleName

Schedule specified in the [Schedules.item_#] section.

The default value: Default.

Access

Specifies access type.

Allow (default value) — Access to hard drives is allowed.

Block — Access to hard drives is blocked.

The [RemovableDrivePrincipals.item_#] section contains the access rules for removable drives.

For removable drives, at least one schedule must always be enabled. You can assign several access rules to a removable drive. Also, multiple schedules can be specified for a user or group of users. If an access rule conflict occurs for a user or group, the minimum access rights are granted.

Principal

Specifies a user or group of users for whom the access rule is applied.

\Everyone (default value) — The access rule applies to all users.

<user name> — Name of the user to whom the access rule applies.

@<group name> — Name of the group of users to whom the access rule applies.

[RemovableDrivePrincipals.item_#.AccessRules.item_#]

Access rule settings.

—

UseRule

Specifies whether the rule is enabled or disabled.

Yes (default value) — The access rule is enabled.

No — The access rule is disabled.

ScheduleName

Schedule specified in the [Schedules.item_#] section.

The default value: Default.

Access

Specifies access type.

Allow (default value) — Access to removable drives is allowed.

Block — Access to removable drives is blocked.

The [FloppyDrivePrincipals.item_#] section contains access rules for floppy drives.

For floppy drives, at least one schedule must always be enabled. You can assign several access rules to a floppy drive. Also, multiple schedules can be specified for a user or group of users. If an access rule conflict occurs for a user or group, the minimum access rights are granted.

Principal

Specifies a user or group of users for whom the access rule is applied.

\Everyone (default value) — The access rule applies to all users.

<user name> — Name of the user to whom the access rule applies.

@<group name> — Name of the group of users to whom the access rule applies.

[FloppyDrivePrincipals.item_#.AccessRules.item_#]

Access rule settings.

—

UseRule

Specifies whether the rule is enabled or disabled.

Yes (default value) — The access rule is enabled.

No — The access rule is disabled.

ScheduleName

Schedule specified in the [Schedules.item_#] section.

The default value: Default.

Access

Specifies access type.

Allow (default value) — Access to floppy drives is allowed.

Block — Access to floppy drives is blocked.

The [OpticalDrivePrincipals.item_#] section contains the access rules for CD/DVD drives.

For CD/DVD drives, at least one schedule must always be enabled. You can assign several access rules to a CD/DVD drive. Also, multiple schedules can be specified for a user or group of users. If an access rule conflict occurs for a user or group, the minimum access rights are granted.

Principal

Specifies a user or group of users for whom the access rule is applied.

\Everyone (default value) — The access rule applies to all users.

<user name> — Name of the user to whom the access rule applies.

@<group name> — Name of the group of users to whom the access rule applies.

[OpticalDrivePrincipals.item_#.AccessRules.item_#]

Access rule settings.

—

UseRule

Specifies whether the rule is enabled or disabled.

Yes (default value) — The access rule is enabled.

No — The access rule is disabled.