Device Control | Trend Micro Service Central

Views:

Device Control regulates access to external storage devices and network resources connected to computers. Device Control helps prevent data loss and leakage and, combined with file scanning, helps guard against security risks.

You can configure Device Control policies for internal and external agents. Administrators typically configure a stricter policy for external agents.

Policies are granular settings in the Apex One agent tree. You can enforce specific policies to agent groups or individual agents. You can also enforce a single policy to all agents.

After you deploy the policies, agents use the location criteria you have set in the Endpoint Location screen (see Endpoint Location) to determine their location and the policy to apply. Agents switch policies each time the location changes.

Important:

By default, Device Control is disabled on all versions of Windows Server. Before enabling Device Control on these server platforms, read the guidelines and best practices outlined in Security Agent Services.
For a list of supported device models, see the Data Protection Lists document at:

http://docs.trendmicro.com/en-us/enterprise/data-protection-reference-documents.aspx

The types of devices that Apex One can monitor depends on whether the Data Protection license is activated. Data Protection is a separately licensed module and must be activated before you can use it. For details about the Data Protection license, see Data Protection License.

Table 1. Devices Monitored by the Unauthorized Change Prevention Service
Device Type	Device Description
Storage Devices	CD/DVD Important: Device Control can only limit access to CD/DVD recording devices that use the Live File System format. Some third-party applications that use Master Format can still perform read/write operations even with Device Control enabled. Use Data Loss Prevention to limit access to CD/DVD recording devices that use any format type. For details, see Blocking Access to Data Recorders (CD/DVD).
	Floppy disks
	Network drives
	USB storage devices

Table 2. Devices Monitored by Data Loss Prevention
Device Type	Device Description
Mobile Devices	Mobile devices
Storage Devices	CD/DVD
	Floppy disks
	Network drives
	USB storage devices
Non-storage Devices	Bluetooth adapters
	COM and LPT ports
	IEEE 1394 interface
	Imaging devices
	Infrared devices
	Modems
	PCMCIA cards
	Print screen key
	Wireless NICs