Kaspersky Security 11.x for Windows Server

About Device Control rules generation

June 10, 2022

ID 148412

You can import allowing rules for Device Control from XML files that are generated automatically while the Device Control task or the Rule Generator for Device Control task is running.

By default, Kaspersky Security for Windows Server restricts connections of any flash drives and other external devices that are not included in the usage scope of the specified device control rules.

Targets and scenarios for device control rules generation

Rule generation scenario: The Rule Generator for Device Control task
Target:
  • Add allowing rules for previously connected trusted devices before the first start of the Device Control task.
  • Generate a rules list for devices trusted in the network of protected devices.

Rule generation scenario: Rules generation based on system data
Target: Add allowing rules for one or several external devices whose data have been stored in the system.

Rule generation scenario: Rules generation based on data about the currently connected devices
Target: Renew an already specified rules list when it is necessary to trust a small number of new external devices.

Rule generation scenario: The Device Control task in the Statistics only mode
Target: Generate allowing rules for a large number of trusted devices.

The Rule Generator for Device Control task usage

The XML file generated upon completion of the Rule Generator for Device Control task contains allowing rules for those flash drives and other external devices whose data have been stored in the system registry.

Use this scenario to have rule generation take into account either all external devices that have ever been connected and are registered by the systems on all protected devices in the network, or only the devices currently connected to all protected devices in the network. The task also allows for all external devices that are connected at the moment the task runs. Upon completion of the group task, Kaspersky Security for Windows Server generates lists of allowing rules for all external devices registered in the network and saves these lists in an XML file in a specified folder. You can then manually import the generated rules in the Device Control task settings. Unlike a task on a protected device, the policy does not allow configuring the automatic addition of the created rules to the list of Device Control rules when the Rule Generator for Device Control group task is completed.

This scenario is recommended for generating the list of allowing rules before the first start of the Device Control task, so that the generated allowing rules cover all trusted external devices that are used on a protected device.

Usage of system data about all connected devices

While the task is running, Kaspersky Security for Windows Server receives system data about all external devices that have ever been connected or that are currently connected to a protected device, and displays the detected devices in the list of the Generate rules based on the system information window.

For each detected device, Kaspersky Security for Windows Server parses the values of manufacturer (VID), controller type (PID), friendly name, serial number and device instance path. You can generate allowing rules for any external device whose data have been stored in the system, and directly add the newly created rules to the list of device control rules.
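To show how VID, PID and serial number relate to a Windows device instance path when reviewing detected devices before trusting them, here is an added example (not Kaspersky code and not the product's parser). The function names and sample paths are constructed for illustration; the example relies on the Windows convention that an instance ID whose second character is `&` was generated by the system because the device reported no serial number.

```python
import re

# Windows USB device instance path: USB\VID_xxxx&PID_xxxx[&MI_xx]\<instance id>
_USB_PATH = re.compile(
    r"^USB\\VID_(?P<vid>[0-9A-F]{4})&PID_(?P<pid>[0-9A-F]{4})"
    r"(?:&[^\\]+)?\\(?P<instance>[^\\]+)$",
    re.IGNORECASE,
)

def parse_instance_path(path):
    """Return VID, PID and serial from a USB instance path, or None if the
    path is not in the USB\\VID_..&PID_.. form."""
    m = _USB_PATH.match(path.strip())
    if m is None:
        return None
    instance = m.group("instance")
    # No serial reported by the device: Windows builds the instance id itself
    # (second character '&'), so it does not identify one physical device.
    generated = len(instance) > 1 and instance[1] == "&"
    return {
        "vid": m.group("vid").upper(),
        "pid": m.group("pid").upper(),
        "serial": None if generated else instance,
        "unique_serial": not generated,
    }

def review(paths):
    """Sort devices by whether a rule for them could be tied to a serial."""
    report = {"serial_bound": [], "no_unique_serial": [], "unparsed": []}
    for p in paths:
        dev = parse_instance_path(p)
        if dev is None:
            report["unparsed"].append(p)
        elif dev["unique_serial"]:
            report["serial_bound"].append(dev)
        else:
            report["no_unique_serial"].append(dev)
    return report

# Constructed sample paths (not taken from any real system).
SAMPLE_PATHS = [
    r"USB\VID_1234&PID_ABCD\0123456789AB",           # device with a serial
    r"USB\VID_1234&PID_abcd\6&2f4a9c1e&0&2",         # system-generated id
    r"USB\VID_5678&PID_0001&MI_00\7&1a2b3c4d&0&0000",  # composite interface
    r"USBSTOR\Disk&Ven_Example&Prod_Drive\0123456789AB&0",  # not USB\VID form
]

if __name__ == "__main__":
    for group, items in review(SAMPLE_PATHS).items():
        print(group, items)
```

Devices that land in `no_unique_serial` deserve a closer look before an allowing rule is created for them, because their instance path does not single out one physical drive.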

According to this scenario, Kaspersky Security for Windows Server generates allowing rules for external devices that have ever been connected or are currently connected to a protected device with Kaspersky Security Center installed.

This scenario is recommended for renewing an already specified rules list when it is necessary to trust a small number of new external devices.

Usage of data about the currently connected devices

In this scenario, Kaspersky Security for Windows Server generates allowing rules only for currently connected external devices. You can select one or more external devices for which you want to generate allowing rules.

Usage of the Device Control task in the Statistics only mode

The XML file received upon completion of the Device Control task in the Statistics only mode is generated based on the task log.

While the task is running, Kaspersky Security for Windows Server logs information about all connections of flash drives and other external devices to a protected device. You can generate allowing rules based on task events and export them to an XML file. Before starting the task in the Statistics only mode, it is recommended to configure the task running period so that all possible connections of external devices to a protected device take place during the specified period.

This scenario is recommended to renew an already generated rules list if it is required to allow a large number of new external devices.

If the rule list is generated according to this scenario on a template machine, you can apply the generated list of allowing rules while configuring the Device Control task via Kaspersky Security Center. This way you can allow the external devices that are connected to the template machine to be used on all the protected devices.
