cancel
Showing results for 
Search instead for 
Did you mean: 

How Device Control block devices

Hardware Identifiers

In Windows, every device has a few sets of properties that can be used to identify the device or the class of the device. In the table below the properties are ordered by specificity from most specific to general.
Property Description
Device ID A device has only one device ID that is the most specific ID for a device.
Hardware IDs A device can have multiple hardware IDs. They are also ordered by specificity.
Compatible IDs List of general IDs for all devices of the same kind.
Class A single GUID of device interface class. Every device has only one class. This is a registry key under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class
where device information are stored. There are list of common classes but some devices generates unique class.

For a list of universal Class IDs, click here.

The algorithm

  1. Device Control subscribes to the system notification about hardware configuration changes.
  2. When configuration changed, Device Control enumerates all devices.
  3. For every device identifier checked starting from Device ID down to Class GUID.
  4. If matching rule found Device Control check the Access Level from the rule.
  5. If rule has Full access/Allow and device is blocked - Device Control remove block (enable the device).
  6. If rule has Blocked access level and device id not blocked - Device Control blocks (disable) the device.
  7. If access level match the current state of the device then no action is performed.

Alerts

  • When the device is blocked for the first time, a flyer notification is shown to the current user.
  • Policy Manager administrator gets the alert every time when the device is blocked.
Pricing & Product Info

For product info and pricing please go to the F-Secure product page

Version history
Revision #:
7 of 7
Last update:
‎16-10-2017 11:43 AM
Updated by: