Community
User Guides
Support
Community
Help Forums
English Forum
General
About our Community
General Discussion
News and Feedback
Products
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Beta programs
Feature Requests
Finnish Forum (Tukifoorumi)
Tuotteet Kotiin
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Muut tietoturvatuotteet
Support Articles
Language
English
Suomi
Deutsch
Français
日本語
Svenska
Dansk
Italiano
Nederlands
Norsk
Polski
中文 (繁體)
Products & Services
F-Secure TOTAL
F-Secure SAFE / Internet Security / Anti-Virus
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Common topics
User Guides
Support
Login
|
Register
Device Control overview - F-Secure Community
<main> <article class="userContent"> <p> </p>Device Control overview <p>This article applies to the following F-Secure products: Client Security, Policy Manager, PSB Portal, and Computer Protection. </p> <p>Device Control prevents threats from accessing your system via hardware devices, such as USB sticks, CD-ROM drives, and web cameras. This feature also prevents data leakage, by allowing read-only access, for example. </p> <p>When an unallowed device is plugged in to a computer, Device Control turns off the external device to prevent user access. This is done by setting up predefined rules; for example, you can set up rules to allow certain devices while other devices of the same class are blocked. Access is only given therefore to approved hardware. </p> <p>In Device Control, you can, for example: </p> <div> <ul><li>Disallow running programs from USB/CD/other drives: disable autorun, accidental execution, or loading modules from removable drives. </li> <li>Block device classes completely. </li> <li>Define read-only access to USB/CD/other drives. </li> <li>Block device classes with the exception of specified devices. </li> </ul></div> <p><strong>Device Control configuration</strong> </p> <p> Device Control can be configured from the Policy Manager or PSB Portal (Profile Editor) only. There is no local configuration user interface. </p> <p><strong>Device Control options</strong> </p> <div> <div><table><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td><strong>Option</strong> </td> <td><strong>Values</strong> </td> <td><strong>Description</strong> </td> </tr><tr><td>Device Control Enabled </td> <td> <ul><li>Enabled </li> <li>Disabled </li> </ul></td> <td>Allow to disable Device Control. All rules and options is ignored if this option is set to 'Disabled'. </td> </tr><tr><td>Notify Administrator (Available for Policy Manager/Client Security only) </td> <td> <ul><li>No Alerts </li> <li>Informational </li> <li>Warning </li> <li>Security </li> </ul></td> <td>Specifies the type of alert that is sent when a device is blocked. The administrator will receive the corresponding type of alert. For example, if 'Warning' is selected, the administrator will receive a warning alert. If 'No Alerts' is selected, the administrator will not receive any alerts for blocked devices. </td> </tr><tr><td>Hardware Devices </td> <td> </td> <td> This table contains the rules for device control. The most specific rule will be used to determine the access level for a device. Devices can be identified by (from specific to general): <ol><li>Device ID; </li> <li>Hardware ID; </li> <li>Compatible ID; </li> <li>Device Class GUID <p>All devices not listed in this table are allowed by default. </p> </li> </ol></td> </tr></tbody></table></div> </div> <p><strong>Hardware Devices table</strong> </p> <div> <div><table><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td><strong>Option</strong> </td> <td><strong>Values</strong> </td> <td><strong>Description</strong> </td> </tr><tr><td>Active </td> <td> <ul><li>Yes </li> <li>No </li> </ul></td> <td>This flag indicates that the rule is in use. </td> </tr><tr><td>Display Name </td> <td> </td> <td>The rule name that is shown to administrators. This name should help administrators to organize rules. </td> </tr><tr><td>Hardware ID </td> <td> </td> <td>The string that identifies the device (Device ID, Hardware ID, Compatible ID or Class GUID). </td> </tr><tr><td>Access Level </td> <td> <ul><li>Full access/Allow </li> <li>Blocked </li> </ul></td> <td>The access level for the device. </td> </tr></tbody></table></div> </div> <div id="related"> <strong>Related information</strong> <ul><li><a rel="nofollow" href="https://community.f-secure.com/common-business-en/kb/articles/5517">Blocking device access using predefined rules </a></li> <li><a rel="nofollow" href="https://community.f-secure.com/common-business-en/kb/articles/5525">How Device Control block devices </a></li> <li><a rel="nofollow" href="https://community.f-secure.com/business-suite-en/kb/articles/5637">Getting Hardware ID for a device </a></li></ul></div> <br> </article> </main>