Granting offline access to the external device blocked by Device Control

In Device Control component of Kaspersky Endpoint Security for Windows policy, you can manage user access to external devices that are installed on or connected to the client device (for example, hard drives, cameras, or Wi-Fi modules). This lets you protect the client device from infection when such external devices are connected, and prevent loss or leaks of data.

If you need to grant temporary access to the external device blocked by Device Control but it is not possible to add the device to the list of trusted devices, you can grant temporary offline access to the external device. Offline access means that the client device has no access to the network.

You can grant offline access to the external device blocked by Device Control only if the Allow request for temporary access option is enabled in the settings of Kaspersky Endpoint Security for Windows policy, in the Application settings → Security Controls → Device Control section.

Granting offline access to the external device blocked by Device Control includes the following stages:

1. In the Kaspersky Endpoint Security for Windows dialog window, device user who wants to have access to the blocked external device, generates a request access file and sends it to the Kaspersky Security Center administrator.
2. Getting this request, the Kaspersky Security Center administrator creates an access key file and send it to the device user.
3. In the Kaspersky Endpoint Security for Windows dialog window, the device user activates the access key file and obtains temporary access to the external device.

To grant temporary access to the external device blocked by Device Control:

1. In the main menu, go to Devices → Managed devices.

   The list of managed devices is displayed.

2. In this list, select the user's device that requests access to the external device blocked by Device Control.

   You can select only one device.

3. Above the list of managed devices, click the ellipsis button (), and then click the Grant access to the device in offline mode button.
4. In the Application settings window that opens, in the Device Control section, click the Browse button.
5. Select the request access file that you have received from the user, and then click the Open button. The file should have the AKEY format.

   The details of the locked device to which the user has requested access is displayed.

6. Specify the value of the Access duration setting.

   This setting defines the length of time for which you grant the user access to the locked device. The default value is the value that was specified by the user when creating the request access file.

7. Specify the value of the Activation period setting.

   This setting defines the time period during which the user can activate access to the blocked device by using the provided access key.

8. Click the Save button.

   This opens the standard Save access key window of Microsoft Windows.

9. Select the destination folder in which you want to save the file containing the access key for the blocked device.
10. Click the Save button.

As a result, when you send the user the access key file and the user activates it in the Kaspersky Endpoint Security for Windows dialog window, the user has temporary access to the blocked device for the specific period.