OfficeScan provides a device control feature that regulates access to external storage devices and network resources connected to computers. Device control helps prevent data loss and leakage and, combined with file scanning, helps guard against security risks.
Device Control is available only on computers running x86 type platforms.
To manage access to external devices:
Networked Computers > Client Management > Settings > Device Control
Select the check box to enable device control.
Choose whether to block or allow the AutoRun function (autorun.inf) on USB devices connected to the computer.
Select the permissions for each device type.
|
Device permissions |
|
Permissions |
Files on the Device |
Incoming Files |
|
Full access |
Operations allowed: Copy, Move, Open, Save, Delete, Execute |
Operations allowed: Save, Move, Copy This means that a file can be saved, moved, and copied to the device. |
|
Read and write only |
Operations allowed: Copy, Move, Open, Save, Delete Operation blocked: Execute |
Operations allowed: Save, Move, Copy |
|
Read and execute only |
Operations allowed: Copy, Open, Execute Operations blocked: Save, Move, Delete |
Operations blocked: Save, Move, Copy |
|
Read only |
Operations allowed: Copy, Open Operations blocked: Save, Move, Delete, Execute |
Operations blocked: Save, Move, Copy |
|
No access |
Any attempt to access the device or network resource is automatically blocked. |
Operations blocked: Save, Move, Copy |
The scanning function in OfficeScan complements and may override the device permissions. For example, if the permission allows a file to be opened but OfficeScan detects that the file is infected with malware, a specific scan action will be performed on the file to eliminate the malware. If the scan action is Clean, the file opens after it is cleaned. However, if the scan action is Delete, the file is deleted.
Select whether to display a notification message on the client computer when OfficeScan detects unauthorized device access, which includes all operations that OfficeScan blocks.
If you selected domain(s) or client(s) on the client tree, click Save to apply settings to the domain(s) or client(s). If you selected the root icon
, choose from the following options:
Apply to All Clients: Applies settings to all existing clients and to any new client added to an existing/future domain. Future domains are domains not yet created at the time you configure the settings.
Apply to Future Domains Only: Applies settings only to clients added to future domains. This option will not apply settings to new clients added to an existing domain.
See also: