About Device Control task
August 3, 2023
Kaspersky Industrial CyberSecurity for Nodes controls registration and usage of the external devices and CD/DVD drives in order to protected computer against computer security threats, that may occur during file exchange with flash drives or other types of external devices connected via USB.
Kaspersky Industrial CyberSecurity for Nodes controls the following USB external devices connections:
- USB flash drives, including those with UAS support
- CD/DVD ROM drives
- USB-connected floppy disk drives
- USB-connected network adapters
- USB-connected MTP-mobile devices
Kaspersky Industrial CyberSecurity for Nodes informs you about all devices connected via USB with the corresponding event in the task and event logs. The event details include device type and connection path. When the Device Control task is started, Kaspersky Industrial CyberSecurity for Nodes checks and lists all devices connected via USB. You can configure the notifications in the Kaspersky Security Center notification settings section.
The Device Control task monitors all the attempts of external devices connections to a protected device via USB and blocks connection, if there are no allowing rules for such devices. After the connection is blocked, the device is not available.
The application prescribes one of the following statuses to each connected external device:
- Trusted. Device for which you want to allow files exchange. Upon rules list generation, the Device instance path value is included into usage scope for at least one rule.
- Untrusted. Device for which you want to restrict files exchange. Device instance path is not included into any allowing rule usage scope.
You can create allowing rules for external devices to allow data exchange using the Rule Generator for Device Control task. You can also expand the usage scope for existing allowing rules. You cannot create allowing rules manually.
Kaspersky Industrial CyberSecurity for Nodes identifies external devices that are registered in the system, by using the Device Instance Path value. Device Instance Path is a default feature uniquely specified for each external device. The Device Instance Path value is specified for each external device in its Windows properties and is automatically determined by Kaspersky Industrial CyberSecurity for Nodes when allowing rules are created.
The Device Control task can operate in two modes:
- Active. Kaspersky Industrial CyberSecurity for Nodes applies rules to control the connection of flash drives and other external devices, and allows or blocks the use of all devices according to the Default Deny principle and specified allowing rules. The use of trusted external devices is allowed. The use of untrusted external devices is blocked by default.
If an external device you consider to be untrusted is connected to a protected device before the Device Control task is run in Active mode, the device is not blocked by the application. We recommend that you disconnect the untrusted device manually or restart the protected device. Otherwise, the Default Deny principle will not be applied to the device.
- Statistics only. Kaspersky Industrial CyberSecurity for Nodes does not control the connection of flash drives and other external devices, but only logs information about the connection and registration of external devices on a protected device, and about the Device Control allowing rules triggered by the connected devices. The use of all external devices is allowed. This mode is set by default.
You can apply this mode for rules generation on the basis of the information about blocking devices logged during the task running.