Device Control overview

This discussion has a more recent version.
PatrickPatrick Posts: 130 F-Secure Product Expert

This article applies to the following F-Secure products: Client Security, Policy Manager, PSB Portal, and Computer Protection.

Device Control prevents threats from accessing your system via hardware devices, such as USB sticks, CD-ROM drives, and web cameras. This feature also prevents data leakage, by allowing read-only access, for example.

When an unallowed device is plugged in to a computer, Device Control turns off the external device to prevent user access. This is done by setting up predefined rules; for example, you can set up rules to allow certain devices while other devices of the same class are blocked. Access is only given therefore to approved hardware.

In Device Control, you can, for example:

  • Disallow running programs from USB/CD/other drives: disable autorun, accidental execution, or loading modules from removable drives.
  • Block device classes completely.
  • Define read-only access to USB/CD/other drives.
  • Block device classes with the exception of specified devices.

Device Control configuration

Device Control can be configured from the Policy Manager or PSB Portal (Profile Editor) only. There is no local configuration user interface.

Device Control options

Option Values Description
Device Control Enabled
  • Enabled
  • Disabled
Allow to disable Device Control. All rules and options is ignored if this option is set to 'Disabled'.
Notify Administrator (Available for Policy Manager/Client Security only)
  • No Alerts
  • Informational
  • Warning
  • Security
Specifies the type of alert that is sent when a device is blocked. The administrator will receive the corresponding type of alert. For example, if 'Warning' is selected, the administrator will receive a warning alert. If 'No Alerts' is selected, the administrator will not receive any alerts for blocked devices.
Hardware Devices This table contains the rules for device control. The most specific rule will be used to determine the access level for a device. Devices can be identified by (from specific to general):
  1. Device ID;
  2. Hardware ID;
  3. Compatible ID;
  4. Device Class GUID

    All devices not listed in this table are allowed by default.

Hardware Devices table

Option Values Description
  • Yes
  • No
This flag indicates that the rule is in use.
Display Name The rule name that is shown to administrators. This name should help administrators to organize rules.
Hardware ID The string that identifies the device (Device ID, Hardware ID, Compatible ID or Class GUID).
Access Level
  • Full access/Allow
  • Blocked
The access level for the device.
Sign In or Register to comment.