Adding Device control rules

A Device control rule defines the action that will be taken when a device meeting the rule criteria is connected to the computer.

CONFIG_DEVMON_RULE_EDIT_DLG

Enter a description of the rule into the Name field for better identification. Click the switch next to Rule enabled to disable or enable this rule; this can be useful if you don't want to delete the rule permanently.

Device type

Choose the external device type from the drop-down menu (Disk storage/Portable device/Bluetooth/FireWire/...). Device type information is collected from the operating system and can be seen in the system Device manager if a device is connected to the computer. Storage devices include external disks or conventional memory card readers connected via USB or FireWire. Smart card readers include all readers of smart cards with an embedded integrated circuit, such as SIM cards or authentication cards. Examples of imaging devices are scanners or cameras. Because these devices only provide information about their actions and do not provide information about users, they can only be blocked globally.

Action

Access to non-storage devices can either be allowed or blocked. In contrast, rules for storage devices allow you to select one of the following rights settings:

Read/Write – Full access to the device will be allowed.

Block – Access to the device will be blocked.

Read Only – Only read access to the device will be allowed.

Warn – Each time that a device is connected, the user will be notified if it is allowed/blocked, and a log entry will be made. Devices are not remembered, a notification will still be displayed upon subsequent connections of the same device.

Note that not all Actions (permissions) are available for all device types. If it is a device of storage type, all four Actions are available. For non-storage devices, there are only three Actions available (for example Read Only is not available for Bluetooth, therefore Bluetooth devices can only be allowed, blocked or warned).

Criteria type – Select Device group or Device.

Additional parameters shown below can be used to fine-tune rules and tailor them to devices. All parameters are case-insensitive:

Vendor – Filter by vendor name or ID.

Model – The given name of the device.

Serial – External devices usually have their own serial numbers. In the case of a CD/DVD, this is the serial number of the given media, not the CD drive.

icon_details_hoverNOTE

If these parameters are undefined, the rule will ignore these fields while matching. Filtering parameters in all text fields are case-insensitive and no wildcards (*, ?) are supported.

icon_details_hoverNOTE

To view information about a device, create a rule for that type of device, connect the device to your computer and then check the device details in the Device control log.

Logging severity

ESET NOD32 Antivirus saves all important events in a log file, which can be viewed directly from the main menu. Click Tools > Log files and then select Device control from the Log drop-down menu.

Always – Logs all events.

Diagnostic – Logs information needed to fine-tune the program.

Information – Records informative messages, including successful update messages, plus all records above.

Warning – Records critical errors and warning messages.

None – No logs will be recorded.

Rules can be limited to certain users or user groups by adding them to the User list:

Add – Opens the Object types: Users or Groups dialog window that allows you to select desired users.

Remove – Removes the selected user from the filter.

icon_details_hoverNOTE

All devices can be filtered by user rules, (for example imaging devices do not provide information about users, only about actions).