Configuring Device Control Settings

  1. Navigate to Agent Management.
  2. In the agent tree, click the root icon () to include all Security Agents or select specific groups or Security Agents.
  3. Click Settings > Device Control Settings.
  4. Click the External Agents tab to configure settings for external agents or the Internal Agents tab to configure settings for internal agents.
  5. Select Enable Device Control.
  6. Under Devices, select a permission for each storage device.

    For details about permissions, see Permissions for Storage Devices.

  7. (Optional) If the permission for USB storage devices is Block, you can configure a list of approved devices under USB Storage Device Approved List. Users can access these devices and you can control the level of access using permissions.
    Tip:

    The approved list for USB devices supports the use of the asterisk (*) wildcard. Replace any field with the asterisk (*) to include all devices that satisfy the other fields. For example, [manufacturer]-[product ID]-* places all USB devices from the specified manufacturer and the specified product type, regardless of serial number, to the approved list.

    1. Type the device manufacturer, product ID, and serial number for a USB storage device.
    2. Click Add.
      Tip:

      • To delete a device from the list, select an entry and click Remove.

      • Use the Device List Tool to query devices connected to endpoints. The tool provides the device manufacturer, product ID, and serial number for each device.

        For more information, see Device List Tool.

    3. Select the permission for the device.

      For details about permissions, see Permissions for Storage Devices.

      Note:

      USB storage devices on the approved list must have a higher permission level than the permission setting for USB storage devices in the Devices section.

  8. Under Notification, select the Display a notification message on the agent endpoint when a new device is detected option to display a notification when a new storage device is connected to the endpoint. The notification indicates the access permission for the new storage device.
  9. If you selected one or more groups or Security Agents on the agent tree, click Save to apply settings to the groups or Security Agents. If you selected the root icon (), choose from the following options:

    • Apply to All Agents: Applies settings to all existing Security Agents and to any new Security Agent added to an existing/future group. Future groups are groups not yet created at the time you configure the settings.

    • Apply to Future Groups Only: Applies settings only to Security Agents added to future groups. This option will not apply settings to new Security Agents added to an existing group.

Parent topic: Using Device Control