External Devices Control Settings
- Let's you to define a list of devices that should be blocked on endpoints using this profile.
For example, you can block access to USB storage devices, human interface devices, Bluetooth devices, infrared devices, IDE ATA/ATAPI controllers.
- Endpoint Manager blocks access to devices connected through both serial and parallel ports and creates a log of their connection activities.
- You can create exclusions for external devices which you want to allow to connect to managed endpoints. Devices can be added as exclusion by specifying their Device Ids. You can use wildcard characters in the device ID if you want to include a series of devices with similar device IDs.
Configure External Devices Control Settings
- Click 'Section' > 'XCS'
- Click 'Edit' > Select 'External Devices Control' if it is not added yet.
- Enable Device Control - Enable or disable the external device control feature. This is useful if you want to configure external device control settings for a profile during its creation and enable it at a later time
- Log detected devices - Enable or disable logging of external device connection attempts on endpoints that use this profile. The logs can be viewed from 'Security Sub Systems' > 'Device Control' interface. See View History of External Device Connection Attempts for more details.
- Show notifications when devices disabled or enabled - Select whether or not a notification is to be shown to end-user when a connected device is blocked or allowed.
The 'External Devices Control' settings interface contains two tabs:
- Blocked Device Classes - Define the list of types of external devices to be blocked at the endpoints
- Exclusions - Specify the devices that should be excluded from blocking and allowed access at the endpoints
Blocked
Device Classes
The 'Blocked Device Classes' tab displays a list of types of device that are blocked as per the profile and allows you to add/remove new device types.
Blocked Device Classes – Column Descriptions |
|
---|---|
Column Header |
Description |
Device Class |
The device type as per global hardware classification. |
Class ID |
The Globally Unique Identifier (GUID) of the device class. |
Tip. Block 'Portable Devices' in addition to 'USB storage devices' if you want to stop users connecting their phones to access the phone's memory card |
Add device types to be blocked
- Click 'Add' at the top of the list
The 'Add Device Class' dialog appears with a list of device types.
- Select the device types to be added to the block list and click 'Ok'.
- Repeat the process to add more device types.
Remove a device type from the list
- Select the device type from the list and click 'Delete'
- Click 'Confirm' to remove the device type from the blocked list.
Exclusions
The 'Exclusions' tab displays a list of external devices that are exempt from the block rule and so allowed access to the endpoint(s).
Exclusions - Column Descriptions |
|
---|---|
Column Header |
Description |
Device Custom Name |
Displays the name of the device. |
Device ID |
Displays the unique device identifier of the device. |
Add a device to be excluded
- Click 'Add' at the top of the list
The 'Add Device Class' dialog will appear with a list of device types.
- Enter a label for the device in the 'Device Custom Name' field (optional)
- Enter the unique device identifier in the 'Device ID' field
Tip: You can use a wildcard character '*' in the Device ID if you want to cover a range of devices with similar IDs. For example, to include all USB storage devices whose device IDs start with “4C5310”, you could enter: USBSTORDISK&VEN_SANDISK4C5310* |
- Click
'Add'
The device will be added to the exclusions list and will be allowed access at the endpoint(s).
Remove a device from exclusions
- Select the device and click 'Delete'
- Click 'Confirm' to remove the item from the list
- Click the 'Save' button save the 'External Devices Control' settings.
- Click 'Delete' to remove the 'External Devices Control' section from the profile. See 'Edit Configuration Profiles' for more details about editing the parameters.