Adding Device control rules
A Device control rule defines an action to take when a device meeting the rule criteria is connected to the computer.
Type a description of the rule into the Name field for better identification. Click the toggle next to Rule enabled to disable or enable this rule; this can be useful if you do not want to delete the rule permanently.
Device type
Choose the external device type from the drop-down menu (Disk storage/Portable device/Bluetooth/FireWire/...). Device type information is collected from the operating system and can be seen in the system Device manager if a device is connected to the computer. Storage devices include external disks or conventional memory card readers connected via USB or FireWire. Smart card readers include all readers of smart cards with an embedded integrated circuit, such as SIM cards or authentication cards. Examples of imaging devices are scanners or cameras. Because these devices only provide information about their actions and do not provide information about users, they can only be blocked globally.
Action
Access to non-storage devices can either be allowed or blocked. In contrast, rules for storage devices enable you to select one of the following rights settings:
•Allow—Full access to the device will be allowed.
•Block—Access to the device will be blocked.
•Write Block—Only read access to the device will be allowed.
•Warn—Each time a device is connected, the user will be notified if it is allowed/blocked, and a log entry will be recorded. Devices are not remembered and a notification will still be displayed in case of subsequent connections of the same device.
Not all actions (permissions) are available for all device types. If it is a device of storage type, all four actions are available. For non-storage devices, there are only three actions available (for example, Write Block is not available for Bluetooth; therefore, Bluetooth devices can only be allowed, blocked or warned).
Criteria type
Select Device group or Device.
Additional parameters shown below can be used to fine-tune rules for different devices. All parameters are case-sensitive and support wildcards (*, ?):
•Vendor—Filter by vendor name or ID.
•Model—The given name of the device.
•Serial—External devices usually have their own serial numbers. In the case of a CD/DVD, this is the serial number of the given media, not the CD drive.
If these parameters are undefined, the rule will ignore these fields while matching. Filtering parameters in all text fields are case-sensitive and support wildcards (a question mark (?) represents a single character, whereas an asterisk (*) represents a string of zero or more characters). |
To view information about a device, create a rule for that type of device, connect the device to your computer and then check the device details in the Device control log. |
Logging severity
ESET NOD32 Antivirus saves all important events in a log file, which can be viewed directly from the main menu. Click Tools > Log files and then select Device control from the Log drop-down menu.
•Always—Logs all events.
•Diagnostic—Logs information needed to fine-tune the program.
•Information—Records informative messages, including successful update messages, plus all records above.
•Warning—Records critical errors and warning messages.
•None—No logs will be recorded.
User list
Rules can be limited to certain users or user groups by adding them to the User list clicking Edit next to User list.
•Add—Opens the Object types: Users or Groups dialog window that enables you to select desired users.
•Delete—Removes the selected user from the filter.
User list limitations The User list cannot be defined for rules with specific Device types: •USB Printer •Bluetooth device •Smart card reader •Imaging device •Modem •LPT/COM port |
Notify user—If a device blocked by an existing rule is inserted, a notification window will be displayed.