Device Control allows to an network administrator to protect network by disallowing to use some hardware devices (USB sticks, CD-ROM drives, web-cameras and so on).
When prohibited device is plugged in - the Device Control turns it off to prevent user access.
Device Control is provided with Client Security 9.3x
Device Control is installed by default with Client Security 9.30. Default rules doesn't disallow any devices. To use the function the Device Control have to be configured from the Policy Manager.
Device Control can be configured from the Policy Manager only. There are no local configuration user interface.
|Device Control Enabled||
||Allow to disable Device Control. All rules and options will be ignored if this option has "Disabled" value|
||Specifies the type of alert that is sent when a device is blocked. The administrator will receive the corresponding type of alert. For example, if 'Warning' is selected, the administrator will receive a warning alert. If 'No Alerts' is selected, the administrator will not receive any alerts for blocked devices.|
|Hardware Devices||This table contains the rules for device control. The most specific rule will be used to determine the access level for a device. Devices can be identified by (from specific to general):
||This flag indicates that the rule is in use|
|Display Name||The rule name that is shown to administrators. This name should help administrators to organize rules.|
|Hardware ID||The string that identifies the device (Device ID, Hardware ID, Compatible ID or Class GUID).|
||The access level for the device.|
In Windows every device have a few sets of properties that can be used to identify the device or the class of device.
In the table below the properties are ordered by specificity from most specific to general:
|Device ID||A device has only one device ID that is the most specific ID for a device.|
|Hardware IDs||Device can have multiple hardware IDs. They are also ordered by specificity.|
|Compatible IDs||List of general IDs for all devices of the same kind.|
|Class||A single GUID of device interface class. Every device has one and only one class. This is a registry key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class where device information are stored. There are list of common classes but some devices generates unique class.|
Device Control is provided with the set of common rules:
To prevent users from use devices administrator should select "Blocked" access level for desired rule.
It is possible to define rules that allows to use some specific device when all other devices of same class will be blocked:
There are several ways to get Hardware IDs of device to use it in rules:
Device control reports about all devices installed on the PC using PM statistics. Device Control Statistics contains following table:
|Device ID||The device ID|
|Device Name||The name of device reported by system|
|Hardware IDs||The comma-separated list of Hardware IDs|
|Compatible IDs||The comma-separated list of Compatible IDs|
|Device class||The Device class guid|
|State||The sate of device reported by Windows:
|Rule||If device was disabled by Device Control this field will contain Hardware Id from rule affected rule|
R&D took this feature request to their backlog. We are currently collecting feedback on Device Control and we will decide later on, which feature we will implement and when we are going to implement those.
Therefore I can't tell you if and when we will implement your request.
Hi dear Patric!
I agree. It would be very convenient if, for example, there is a monitor tool within client wish have the purpose to read all devices, have it reported to Policy Manager and use a similar management mechanism as we use for reported applications from clients.
we basically have the functionallity to view the Hardware ID's from client usind Device Control Statistics:
But as mentioned before we do not offer a solution to directly create rules based on those in the statistics. I will inform R&D that there is more demand for such feature.
Thanks for your reply!
I've installed F-Secure Policy Manager 10.01 and F-Secure Client Security 9.32 for the clients. But I'm not finding any option for Device Control. Can you please tell me how to configure my device control from the policy manager.
This topic has been closed due to inactivity. If you would like to discuss this topic further, please start a new post.
You can reference this topic in your post by adding this link:
Visit the Community
Check our Forums or How-to & FAQs for advice or answers
View User Guides
Refer to our getting started guides and product manuals
Talk to our Support and get answers to your questions