January 10, 2024
The Kaspersky Security functionality described in this section is available only if the application is installed on a virtual machine with a Windows desktop operating system.
Device Control ensures the security of confidential data by restricting user access to devices that are installed on the protected virtual machine or connected to it:
- Storage devices (hard drives, removable drives, CD/DVDs)
- Network devices (modems, external network cards)
- Printing devices (printers)
- Connection buses (also referred to as "buses"), i.e. interfaces for connecting devices to the protected virtual machine (such as USB or FireWire)
Trusted devices are devices to which users that are specified in the trusted device settings have full access at all times.
If you have added a device to the list of trusted devices and created an access rule for this type of device which blocks or restricts access, Kaspersky Security decides whether or not to grant access to the device based on its presence in the list of trusted devices. Presence in the list of trusted devices has a higher priority than an access rule.
When the virtual machine user attempts to access a blocked device, Kaspersky Security displays a message stating that access to the device is blocked or that the operation with the device contents is forbidden. If the user believes that access to the device was mistakenly blocked or that an operation with device contents was forbidden by mistake, the user can send a complaint to the corporate LAN administrator by clicking the link in the displayed message about the blocked action. Special templates are available for messages about blocked access to devices or forbidden operations with device contents, and for complaints sent to the administrator. You can modify the message templates. On the protected virtual machine, the user can request and obtain temporary access to a blocked device.
This section describes how to configure Device Control settings using the Administration Console and the Light Agent for Windows local interface. You can also configure Device Control settings using the Web Console when creating or modifying the Light Agent for Windows policy settings (Application Settings → Endpoint control → Device Control).