Blocking device access using predefined rules
This article applies to the following F-Secure products: Client Security, Policy Manager, PSB portal, and Computer Protection.
Device Control is provided with the following set of common rules:
- USB Mass Storage devices
- Wireless devices
Note: Some USB Wi-Fi adapters do not use the USB\Class_E0 hardware ID. To control such devices, create a custom rule.
- DVD/CD-ROM drives
- Windows CE ActiveSync devices
- Floppy drives
- COM & LPT ports
Note: This rule does not control a device connected to the COM or LPT port but the port itself.
- Smart card readers
- Imaging devices (cameras and scanners)
- IEEE 1394 Host Bus Controller
- IrDA devices
- Bluetooth devices
To prevent users from using the devices, the administrator should select "Blocked" access level for the desired rule.
Adding exceptions (grant access to the specific device)
It is possible to define rules that allow the use of some specific device when all other devices of the same class will be blocked:
- Get Hardware ID of device that should be allowed. The Hardware ID has to be more specific than ID used to block the device.
- Add new rule in Hardware Devices table with the ID.
- Set Full access/Allow level for the new created rule.
- Set Active Yes for the new created rule.