Rules editor

You can modify device control setup options in Setup > Enter application preferences... > Device Control.

Clicking Enable device control activates the Device Control feature in ESET Endpoint Security for macOS. Once Device Control is enabled, you can manage and edit device control rules. Select the check box next to a rule name to enable or disable the rule.

Click the plus or minus buttons to add or remove rules. Rules are listed in order of priority, with higher priority rules closer to the top. To rearrange the order, drag-and-drop a rule to its new position or click settings and choose one of the options.

ESET Endpoint Security for macOS automatically detects all currently inserted devices and their parameters (device type, vendor, model, and serial number). Instead of creating rules manually, click Populate, select the device, and click Continue to create the rule.

Specific devices can be allowed or blocked according to their user, user group, or any of several additional parameters that can be specified in the rule configuration. The list of rules contains several descriptions of a rule such as the name, device type, logging severity, and action to perform after connecting a device to your computer. Following are descriptions of the rules you can specify:

Name - Type a description of the rule into the Name field for better identification. The Rule enabled check box disables or enables this rule. Using this check box can be useful if you do not want to delete the rule permanently.

Device Type - Choose the external device type from the drop-down menu. Device type information is collected from the operating system. Storage devices include external disks or conventional memory card readers connected via USB or FireWire. Examples of imaging devices are scanners or cameras. Because imaging devices only provide information about their actions and do not provide information about users, they can only be blocked globally.

Action - Access to non-storage devices can either be allowed or blocked. In contrast, rules for storage devices enable you to select one of the following permission settings:

Read/Write – Full access to the device is allowed.

Read Only – Only read access to the device is allowed.

Block – Access to the device is blocked.

Criteria type - Select Device group or Device. You can use the additional parameters shown below to fine-tune rules and tailor them to devices:

Vendor – Vendor name or ID

Model – Name of the device

Serial – Serial number of the device (For a CD/DVD device, this is the serial number of the given media, not the CD/DVD drive)


NOTE: No parameters defined

If these parameters are not defined, the rule ignores these fields while matching. Filtering parameters in all text fields are case-insensitive, and no wildcards (*, ?) are supported.


TIP

To view information about a device, create a rule for that type of device and connect the device to your computer. Once the device has been connected, device details are displayed in the Device control log.

Logging severity - Choose one of the following levels:

Always – Logs all events.

Diagnostic – Logs information needed to fine-tune the program.

Information – Records informative messages plus all the records above.

Warning – Records critical errors and warning messages.

None – No logs are recorded.

User list - You can limit rules to certain users or user groups by adding them to the user list:

Edit – Opens the Identity editor where you can select users or groups. To define a list of users, select them from the Users list on the left side and click Add. To remove a user, select the username from the Selected Users list and click Remove. To display all system users, select Show all users. If the list is empty, all users are permitted.


IMPORTANT: User rules limitations

Not all devices can be filtered by user rules (for example, imaging devices do not provide information about users, only about actions).
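
The matching behavior described on this page (priority order, undefined parameters ignored, case-insensitive text fields without wildcards, optional user list) can be modeled in a few lines to check a planned rule set before entering it. This is an added example, not ESET code; the Rule class, first-match-wins evaluation, whole-value comparison, the default action, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    device_type: str
    action: str            # "Read/Write", "Read Only" or "Block"
    vendor: str = ""       # empty = not defined, ignored while matching
    model: str = ""
    serial: str = ""
    users: frozenset = frozenset()   # empty = rule applies to every user
    enabled: bool = True

def field_matches(rule_value, device_value):
    # Undefined parameters are skipped; defined ones are compared literally and
    # case-insensitively, so "*" and "?" are ordinary characters.
    # Assumption: whole-value equality (the page does not say exact vs. substring).
    return not rule_value or rule_value.casefold() == device_value.casefold()

def rule_matches(rule, device, user):
    return (rule.enabled
            and rule.device_type == device["type"]
            and field_matches(rule.vendor, device["vendor"])
            and field_matches(rule.model, device["model"])
            and field_matches(rule.serial, device["serial"])
            and (not rule.users or user in rule.users))

def evaluate(rules, device, user, default="Read/Write"):
    # Assumption: rules are checked top to bottom and the first match decides;
    # the default for "no rule matched" is also an assumption.
    for rule in rules:
        if rule_matches(rule, device, user):
            return rule.action, rule.name
    return default, None

# Constructed sample rules and device, listed in priority order.
RULES = [
    Rule("Backup drive (alice)", "Storage", "Read/Write",
         vendor="acme", serial="SN-0001", users=frozenset({"alice"})),
    Rule("Wildcard attempt", "Storage", "Read Only", vendor="Acme*"),
    Rule("Block all storage", "Storage", "Block"),
]
DEVICE = {"type": "Storage", "vendor": "ACME", "model": "Vault 2", "serial": "sn-0001"}

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, evaluate(RULES, DEVICE, user))
    # Moving the broad rule to the top shadows the specific allow rule.
    print("alice", evaluate([RULES[2], RULES[0]], DEVICE, "alice"))
```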