Configuring Device Control

  1. Go to the Configure Policy screen by performing one of the following:
    • Classic Mode: Go to SECURITY AGENTS and select a group. Click > Configure Policy.

    • Advanced Mode: Go to POLICIES > Policy Management. Click Add or click an existing policy.

  2. Click Windows.
  3. Go to Device Control.
  4. Under Device Control, enable the feature and configure the required settings on the Endpoint Settings tab.
    Tip:

    To set the same permission for all devices, click Configure All and select Restrict Access or Allow Access.

  5. In the Storage Devices section:
    1. Select a permission for each storage device.
      Table 1. Device Control Permissions

      Permissions

      Files on the Device

      Incoming Files

      Full access

      Permitted operations: Copy, Move, Open, Save, Delete, Execute

      Permitted operations: Save, Move, Copy

      This means that a file can be saved, moved, and copied to the device.

      Modify

      Permitted operations: Copy, Move, Open, Save, Delete

      Prohibited operations: Execute

      Permitted operations: Save, Move, Copy

      Read and execute

      Permitted operations: Copy, Open, Execute

      Prohibited operations: Save, Move, Delete

      Prohibited operations: Save, Move, Copy

      Read

      Permitted operations: Copy, Open

      Prohibited operations: Save, Move, Delete, Execute

      Prohibited operations: Save, Move, Copy

      List device content only

      Prohibited operations: All operations

      The device and the files it contains are visible to the user (for example, from Windows Explorer).

      Prohibited operations: Save, Move, Copy

      Block

      (Not available for network drives)

      Prohibited operations: All operations

      The device and the files it contains are not visible to the user (for example, from Windows Explorer).

      Prohibited operations: Save, Move, Copy

    2. If you selected to restrict access to any storage device, you can configure a list of programs that Device Control does not restrict access on any device type.

      For more information, see Configuring the Allowed Program List.

    3. If you selected Block or Read for USB storage devices, you can specify the access level Device Control permits to users accessing the allowed USB devices.

      For more information, see Configuring Device Control Exceptions.

    4. Select Block the AutoRun function on USB storage devices to prevent programs saved on USB devices from executing automatically.
  6. In the Mobile Devices and Non-Storage Devices sections, select a permission for each device.
  7. Click Save.