Standard decisions on access to devices
January 10, 2024
ID 65739
Kaspersky Security makes a decision on whether to allow access to a device after you connect the device to the protected virtual machine.
Standard decisions on access to devices
Initial conditions | Interim steps to take until a decision on access to the device is made | Decision on access to the device | ||
Checking whether the device is included in the list of trusted devices | Testing access to the device based on the access rule | Testing access to the bus based on bus access rule | ||
The device is not present in the device classification of the Device Control component. | Not on the list. | No access rule. | Not subject to scanning. | Access allowed. |
The device is trusted. | On the list. | Not subject to scanning. | Not subject to scanning. | Access allowed. |
Access to the device is allowed. | Not on the list. | Access allowed. | Not subject to scanning. | Access allowed. |
Access to the device depends on the bus. | Not on the list. | Access depends on the bus. | Access allowed. | Access allowed. |
Access to the device depends on the bus. | Not on the list. | Access depends on the bus. | Access blocked. | Access blocked. |
Access to the device is allowed. No bus access rule is found. | Not on the list. | Access allowed. | No bus access rule. | Access allowed. |
Access to the device is blocked. | Not on the list. | Access blocked. | Not subject to scanning. | Access blocked. |
No device access rule or bus access rule is found. | Not on the list. | No access rule. | No bus access rule. | Access allowed. |
There is no device access rule. | Not on the list. | No access rule. | Access allowed. | Access allowed. |
There is no device access rule. | Not on the list. | No access rule. | Access blocked. | Access blocked. |
You can edit the device access rule after you connect the device.
If the device is connected and the access rule allows access to it, but you later edited the access rule and blocked access to the device, Kaspersky Security blocks access the next time that any file operation is requested from the device (viewing the folder tree, reading, writing). A device without a file system is blocked only the next time that the device is connected.
