Views:

Device Control permissions for storage devices are used when you:

  • Allow access to USB storage devices, CD/DVD, floppy disks, and network drives. You can grant full access to these devices or limit the level of access.

  • Configure the list of approved USB storage devices. Device Control allows you to block access to all USB storage devices, except those that have been added to the list of approved devices. You can grant full access to the approved devices or limit the level of access.

The following table lists the permissions for storage devices.

Table 1. Device Control Permissions for Storage Devices

Permissions

Files on the Device

Incoming Files

Full access

Permitted operations: Copy, Move, Open, Save, Delete, Execute

Permitted operations: Save, Move, Copy

This means that a file can be saved, moved, and copied to the device.

Modify

Permitted operations: Copy, Move, Open, Save, Delete

Prohibited operations: Execute

Permitted operations: Save, Move, Copy

Read and execute

Permitted operations: Copy, Open, Execute

Prohibited operations: Save, Move, Delete

Prohibited operations: Save, Move, Copy

Read

Permitted operations: Copy, Open

Prohibited operations: Save, Move, Delete, Execute

Prohibited operations: Save, Move, Copy

List device content only

Prohibited operations: All operations

The device and the files it contains are visible to the user (for example, from Windows Explorer).

Prohibited operations: Save, Move, Copy

Block

(available after installing Data Protection)

Prohibited operations: All operations

The device and the files it contains are not visible to the user (for example, from Windows Explorer).

Prohibited operations: Save, Move, Copy

File-based scanning complements, and may override, the device permissions. For example, if the permission allows a file to be opened but the Security Agent detects that the file is infected with malware, a specific scan action is performed on the file to eliminate the malware. If the scan action is Clean, the file opens after it is cleaned. However, if the scan action is Delete, the file is deleted.

The following table lists the permissions for mobile and non-storage devices managed by Data Protection.

Table 2. Device Control Permissions for Mobile and Non-storage Devices

Permissions

Files on the Device

Incoming Files

Allow

Permitted operations: Copy, Move, Open, Save, Delete, Execute

Permitted operations: Save, Move, Copy

This means that a file can be saved, moved, and copied to the device.

Block

Prohibited operations: All operations

The device and the files it contains are not visible to the user (for example, from Windows Explorer).

Prohibited operations: Save, Move, Copy

Tip:

Device Control for Data Protection supports all 64-bit platforms. For Unauthorized Change Prevention monitoring on systems that the Security Agent does not support, set the device permission to Block to limit access to these devices.