About Device Control task

Kaspersky Security for Windows Server controls registration and usage of the external devices and CD/DVD drives in order to protected device against computer security threats, that may occur in process of file exchange with flash drives or other type of external device connected via USB.

Kaspersky Security for Windows Server controls the following USB external devices connections:

• USB-connected flash drives
• CD/DVD ROM drives
• USB-connected floppy disk drives
• USB-connected network adapters
• USB-connected MTP-mobile devices

Kaspersky Security for Windows Server informs you about all devices connected via USB with the corresponding event in the task and event logs. The event details include device type and connection path. When the Device Control task is started, Kaspersky Security for Windows Server checks and lists all devices connected via USB. You can configure the notifications in the Kaspersky Security Center notification settings section.

The Device Control task monitors all the attempts of external devices connections to a protected device via USB and blocks connection, if there are no allowing rules for such devices. After the connection is blocked, the device is not available.

The application prescribes one of the following statuses to each connected external device:

• Trusted. Device for which you want to allow files exchange. Upon rules list generation, the Device instance path value is included into usage scope for at least one rule.
• Untrusted. Device for which you want to restrict files exchange. Device instance path is not included into any allowing rule usage scope.

You can create allowing rules for external devices to allow data exchange using the Rule Generator for Device Control task. You can also expand the usage scope for already specified rules. You cannot create allowing rules manually.

Kaspersky Security for Windows Server identifies external devices that are registered in the system, by using the Device Instance Path value. Device Instance Path is a default feature uniquely specified for each external device. The Device Instance Path value is specified for each external device in its Windows properties and is automatically determined by Kaspersky Security for Windows Server during rule generation.

The Device Control task can operate in two modes:

• Active. Kaspersky Security for Windows Server applies rules to control the connection of flash drives and other external devices, and allows or blocks the use of all devices according to the Default Deny principle and specified allowing rules. The use of trusted external devices is allowed. The use of untrusted external devices is blocked by default.

  If an external device you consider to be untrusted is connected to a protected device before the Device Control task is run in the Active mode, the device is not blocked by the application. We recommend that you disconnect the untrusted device manually or restart the protected device. Otherwise, the Default Deny principle will not be applied to the device.

• Statistics only. Kaspersky Security for Windows Server does not control the connection of flash drives and other external devices, but only logs information about the connection and registration of external devices on a protected device, and about the Device Control allowing rules triggered by the connected devices. The use of all external devices is allowed. This mode is set by default.

  You can apply this mode for rules generation on the basis of the information about blocking devices logged during the task running.