Configuring Device Control

Procedure

1. Go to the Configure Policy screen by performing one of the following:
   • Classic Mode: Go to SECURITY AGENTS and select a group. Click → Configure Policy.
   • Advanced Mode: Go to POLICIES → Policy Management. Click Add or click an existing policy.
2. Click Windows.
3. Go to Device Control.
4. Under Device Control, enable the feature and configure the required settings on the Endpoint Settings tab.

   Tip To set the same permission for all devices, click Configure All and select Restrict Access or Allow Access.

5. In the Storage Devices section:
   1. Select a permission for each storage device.

      Device Control Permissions

      Permissions	Files on the Device	Incoming Files
      Full access	Permitted operations: Copy, Move, Open, Save, Delete, Execute	Permitted operations: Save, Move, Copy This means that a file can be saved, moved, and copied to the device.
      Modify	Permitted operations: Copy, Move, Open, Save, Delete Prohibited operations: Execute	Permitted operations: Save, Move, Copy
      Read and execute	Permitted operations: Copy, Open, Execute Prohibited operations: Save, Move, Delete	Prohibited operations: Save, Move, Copy
      Read	Permitted operations: Copy, Open Prohibited operations: Save, Move, Delete, Execute	Prohibited operations: Save, Move, Copy
      List device content only	Prohibited operations: All operations The device and the files it contains are visible to the user (for example, from Windows Explorer).	Prohibited operations: Save, Move, Copy
      Block (Not available for network drives)	Prohibited operations: All operations The device and the files it contains are not visible to the user (for example, from Windows Explorer).	Prohibited operations: Save, Move, Copy

   2. If you selected to restrict access to any storage device, you can configure a list of programs that Device Control does not restrict access on any device type.
      For more information, see Configuring the Allowed Program List.
   3. If you selected Block or Read for USB storage devices, you can specify the access level Device Control permits to users accessing the allowed USB devices.
      For more information, see Configuring Device Control Exceptions.
   4. Select Block the AutoRun function on USB storage devices to prevent programs saved on USB devices from executing automatically.
6. In the Mobile Devices and Non-Storage Devices sections, select a permission for each device.
7. Click Save.