Device Control prevents threats from accessing your system via hardware devices, such as USB sticks, CD-ROM drives, and web cameras. This feature also prevents data leakage, by allowing read-only access, for example.
When an unallowed device is plugged in to a computer, Device Control turns off the external device to prevent user access. This is done by setting up predefined rules; for example, you can set up rules to allow certain devices while other devices of the same class are blocked. Access is only given therefore to approved hardware.
In Device Control, you can, for example:
Device Control configuration
Device Control can be configured from the Policy Manager or PSB Portal (Profile Editor) only. There is no local configuration user interface.
Device Control options
|Device Control Enabled||
||Allow to disable Device Control. All rules and options is ignored if this option is set to 'Disabled'.|
|Notify Administrator (Available for Policy Manager/Client Security only)||
||Specifies the type of alert that is sent when a device is blocked. The administrator will receive the corresponding type of alert. For example, if 'Warning' is selected, the administrator will receive a warning alert. If 'No Alerts' is selected, the administrator will not receive any alerts for blocked devices.|
This table contains the rules for device control. The most specific rule will
be used to determine the access level for a device. Devices can be identified
by (from specific to general):
Hardware Devices table
||This flag indicates that the rule is in use.|
|Display Name||The rule name that is shown to administrators. This name should help administrators to organize rules.|
|Hardware ID||The string that identifies the device (Device ID, Hardware ID, Compatible ID or Class GUID).|
||The access level for the device.|