Device Control
August 5, 2024
ID 264143
The Device Control component allows you to manage user access to the devices that are installed on or connected to the client device (for example, hard drives, cameras, or Wi-Fi modules). Access management lets you protect the client device from infection when external devices are connected, and prevent data loss or leaks.
Device Control is disabled by default.
Device Control manages user access on the following levels:
- Device type as classified by Device Control, such as printers, removable drives, or CD/DVD drives. One of the following access modes can be applied to each device type:
  - Allow: allow access to devices of this type.
  - Block: block access to devices of this type.
  - Depends on bus: allow or block access to devices depending on the access mode set for the bus through which the device is connected.
  - By rule: allow or block access to devices depending on the access rules. A device access rule is a set of options that determine which users can access devices that are installed on the client device or connected to it, and at what time.
    When a device that a rule forbids is connected, the application denies the users specified in the rule access to the device and displays a notification. Subsequent attempts by those users to read from or write to the device are blocked silently, without a further notification.
    If you try to perform an operation with a device whose access mode is set to By rule, but no rule active at the time of access is found, the operation is blocked.
- Connection bus: the interface that devices use to connect to the client device, such as USB or FireWire. One of the following access modes can be applied to each connection bus:
  - Allow: grant access to devices connected through this connection bus.
  - Block: deny access to devices connected through this connection bus.
    For example, access can be denied to all devices connected via USB.
By default, the Depends on bus mode is selected for all device types and the Allow mode is selected for all buses, so Device Control grants users full access to all devices.
Blocking devices by device type or connection bus via the system device driver is not supported on the following Linux kernels: 3.10, 5.14, 5.15, 5.17, 6.1. On these kernels and in the By rule access mode, only the opening of files and reading of directories (that is, getting the names of files and directories) are blocked.
When Device Control is enabled for the first time, it generates a DeviceAllowed event for all detected devices with a known device or bus type. No repeat events are generated upon subsequent component runs unless there were changes in the control settings for these devices.
When Device Control is disabled, the application unblocks access to blocked devices.
You can enable, disable, and configure Device Control:
- Select the application's operation mode when there is an attempt to access a device to which access is prohibited by Device Control settings: block or only notify about the attempt to access the device.
- Select a device access mode depending on the type.
- Select an access mode for the bus through which the devices are connecting.
- Remove individual devices from the scope of Device Control by adding them to the list of trusted devices. Trusted devices are devices to which users have full access. You can add devices to the list of trusted devices by identifier or by identifier mask. For example, you can allow access only to specific USB devices, or only to USB drives, by adding them to the trusted list while access to other USB devices is denied.
If you are managing the application on the command line, you can view the IDs of connected devices by running
kics-control --get-device-list
on the client device. If you are managing the application via Kaspersky Security Center, information about devices installed on, or connected to, the client devices can be sent to the Administration Server. This information sharing is enabled by default.
Information about devices is shared if the device is managed by an active policy and synchronization with the Network Agent is completed as configured in the Network Agent (every 15 minutes by default).
- Define an access schedule for devices: only hard drives, removable drives, floppy disks, and CD/DVD drives.
In general application settings, if blocking access to files during scans is disabled, you cannot use a device access schedule to block access to devices.
- Define access rules for devices depending on their type: allow or block access for specified users at a specified time.
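The access levels listed above (device type mode, bus mode, By rule, trusted devices, and the block-or-notify operation mode) combine into one access decision. The following Python model is an added illustration written for this page, not Kaspersky code: the class and function names, the device ID format, the fnmatch-style `*` mask syntax, and the evaluation order (trusted list first, then device-type mode, then bus mode or rules) are assumptions that simplify the documented behaviour, and the conflict handling for overlapping rules (a blocking rule wins) is likewise an assumption the page does not state.

```python
"""Model of the Device Control access decision described on this page.

Added illustration, not Kaspersky code: names, the device ID format, the
'*' mask syntax and the evaluation order are assumptions.
"""
from dataclasses import dataclass, field, replace
from datetime import datetime
from enum import Enum
from fnmatch import fnmatchcase


class TypeMode(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    DEPENDS_ON_BUS = "depends_on_bus"   # page default for every device type
    BY_RULE = "by_rule"


class BusMode(Enum):
    ALLOW = "allow"                     # page default for every bus
    BLOCK = "block"


@dataclass
class Rule:
    """Device access rule: named users, a weekly time window, allow or block."""
    users: set
    allow: bool
    weekdays: set = field(default_factory=lambda: set(range(7)))  # Monday == 0
    hours: range = range(0, 24)

    def active(self, user: str, when: datetime) -> bool:
        return (user in self.users
                and when.weekday() in self.weekdays
                and when.hour in self.hours)


@dataclass
class Policy:
    type_modes: dict           # device type -> TypeMode (missing: Depends on bus)
    bus_modes: dict            # bus name -> BusMode (missing: Allow)
    rules: dict                # device type -> [Rule], used in By rule mode
    trusted_masks: list        # device ID masks; trusted devices get full access
    notify_only: bool = False  # operation mode: False = block, True = notify only


@dataclass
class Device:
    device_id: str
    device_type: str
    bus: str


def decide(policy: Policy, device: Device, user: str, when: datetime):
    """Return (verdict, reason); verdict is 'allow', 'block' or 'notify'."""
    # Trusted devices are removed from the scope of Device Control entirely.
    if any(fnmatchcase(device.device_id, m) for m in policy.trusted_masks):
        return "allow", "trusted device"

    mode = policy.type_modes.get(device.device_type, TypeMode.DEPENDS_ON_BUS)
    if mode is TypeMode.ALLOW:
        return "allow", "device type allowed"
    if mode is TypeMode.BLOCK:
        reason = "device type blocked"
    elif mode is TypeMode.DEPENDS_ON_BUS:
        if policy.bus_modes.get(device.bus, BusMode.ALLOW) is BusMode.ALLOW:
            return "allow", f"bus {device.bus} allowed"
        reason = f"bus {device.bus} blocked"
    else:  # TypeMode.BY_RULE
        active = [r for r in policy.rules.get(device.device_type, [])
                  if r.active(user, when)]
        if not active:
            reason = "no rule active at time of access"   # page: blocked
        elif any(not r.allow for r in active):
            reason = "blocking rule active"   # assumption: block wins conflicts
        else:
            return "allow", "allowing rule active"

    # Access would be blocked; the operation mode decides whether it really is.
    return ("notify" if policy.notify_only else "block"), reason


# Constructed sample policy: USB bus blocked, one trusted USB device family,
# removable drives available to alice on weekdays during working hours.
SAMPLE_POLICY = Policy(
    type_modes={"removable drive": TypeMode.BY_RULE, "printer": TypeMode.BLOCK},
    bus_modes={"USB": BusMode.BLOCK},
    rules={"removable drive": [Rule(users={"alice"}, allow=True,
                                    weekdays=set(range(5)), hours=range(8, 18))]},
    trusted_masks=["USB/VID_0781/*"],   # constructed ID format and mask
)


def sample_verdicts():
    """Evaluate the constructed policy against constructed devices and users."""
    tue_10 = datetime(2024, 8, 6, 10)    # Tuesday
    sat_10 = datetime(2024, 8, 10, 10)   # Saturday
    cam_usb = Device("USB/VID_046D/PID_0825/SN1", "camera", "USB")
    cam_fw = Device("FW/00A0B1/SN2", "camera", "FireWire")
    trusted = Device("USB/VID_0781/PID_5567/SN3", "camera", "USB")
    stick = Device("USB/VID_0951/PID_1666/SN4", "removable drive", "USB")
    printer = Device("USB/VID_04A9/PID_1234/SN5", "printer", "USB")
    notify_policy = replace(SAMPLE_POLICY, notify_only=True)
    return {
        "camera_usb": decide(SAMPLE_POLICY, cam_usb, "alice", tue_10)[0],
        "camera_firewire": decide(SAMPLE_POLICY, cam_fw, "alice", tue_10)[0],
        "trusted_usb": decide(SAMPLE_POLICY, trusted, "bob", tue_10)[0],
        "stick_alice_tue": decide(SAMPLE_POLICY, stick, "alice", tue_10)[0],
        "stick_alice_sat": decide(SAMPLE_POLICY, stick, "alice", sat_10)[0],
        "stick_bob_tue": decide(SAMPLE_POLICY, stick, "bob", tue_10)[0],
        "printer_block": decide(SAMPLE_POLICY, printer, "alice", tue_10)[0],
        "printer_notify": decide(notify_policy, printer, "alice", tue_10)[0],
    }


if __name__ == "__main__":
    for case, verdict in sample_verdicts().items():
        print(f"{case}: {verdict}")
```

The model makes the precedence visible: a device matching a trusted mask is never evaluated further, the bus mode matters only when the device type is in Depends on bus mode, By rule blocks when no rule is active for that user at that time, and switching the operation mode to notify-only turns every block into a notification without changing which accesses would have been blocked.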
Device Control ignores mount point exclusions. Access to a device mounted at an excluded point can be limited with Device Control settings.