Configuring Device Control

  1. Go to the Configure Policy screen by performing one of the following:
    • Classic Mode: Go to SECURITY AGENTS and select a group. Click > Configure Policy.

    • Advanced Mode: Go to POLICIES > Policy Management. Click Add or click an existing policy.

  2. Click Mac.
  3. Go to Device Control.
  4. Under Device Control, enable the feature and configure the required settings on the Endpoint Settings tab.
  5. Select a permission for each storage device.
    Table 1. Device Control Permissions


    Files on the Device

    Incoming Files

    Full access

    Permitted operations: Copy, Move, Open, Save, Delete, Execute

    Permitted operations: Save, Move, Copy

    This means that a file can be saved, moved, and copied to the device.


    Permitted operations: Copy, Open

    Prohibited operations: Save, Move, Delete, Execute

    Prohibited operations: Save, Move, Copy


    Prohibited operations: All operations

    The device and the files it contains are not visible to the user (for example, from Finder).

    Prohibited operations: Save, Move, Copy

  6. If you selected Block or Read for USB storage devices, you can specify the access level Device Control permits to users accessing the allowed USB devices.
    1. Go to the Exceptions tab.
    2. Specify the permission for the global Allowed USB Device List.

      For more information on configuring the Allowed USB Device List, see Adding Exceptions to the Allowed USB Device List.

  7. Click Save.