ESET Endpoint Security – Table of Contents

Device Control

Copy current article URL Share via email

This article (PDF) Whole documentation (PDF)

Enable Device Control

Enable or disable device control rules.

Rules

The Device control rules editor window displays existing rules and allows for precise control of external devices that users connect to the computer.

Specific devices can be allowed or blocked according to their user, user group, or any of several additional parameters that can be specified in the rule configuration. The list of rules contains several descriptions of a rule such as name, type of external device, action to perform after connecting an external device to your computer and log severity.

Click Add or Edit to manage a rule. Deselect the Enabled check box next to a rule to disable it until you want to use it in the future. Select one or more rules and click Delete to delete the rule(s) permanently.

Copy—Creates a new rule with pre-defined options used for another selected rule.

Rules are listed in order of priority with higher-priority rules closer to the top. Rules can be moved by clicking Top/Up/Down/Bottom and can be moved individually or in groups.

Adding device control rules

A Device control rule defines an action to take when a device meeting the rule criteria is connected to the computer.

Type a description of the rule into the Name field for better identification. Click the toggle next to Rule enabled to disable or enable this rule; this can be useful if you do not want to delete the rule permanently.

Device Type

Choose the external device type from the drop-down menu (All device types, Disk storage, CD/DVD).

Action

Choose an action to take when a device meeting the rule criteria is connected to the computer.

•Allow—Full access to the device will be allowed.

•Block—Access to the device will be blocked.

•Write Block—Only read access to the device will be allowed.

Criteria Type

Select Device and specify:

•Vendor—Filter by vendor name or ID.

•Model—The given name of the device.

•Serial—External devices usually have their own serial numbers. In the case of a CD/DVD, this is the serial number of the given media, not the CD drive.

Logging Severity

•Warning—Records critical errors and warning messages and sends them to ERA Server.

•Information—Records informative messages, including successful update messages.

Users—Add users.

Groups—Add user groups.

Notify user—If a device blocked by an existing rule is inserted, a notification window will be displayed.

Device Groups

The Device groups window is divided into two parts. The right part of the window contains a list of devices belonging to the respective group, and the left part contains created groups. Select a group to display devices in the right pane. When you open the Device groups window and select a group, you can add or remove devices from the list. Another way to add devices to the group is to import them from a file.

Control elements

Add—You can add a group by entering its name or a device to an existing group, depending on which part of the window you clicked the button.

Edit—You can modify the name of the selected group or device's parameters (vendor, model, serial number).

Delete—Deletes the selected group or device depending on which part of the window you clicked on the button.

Import—Imports a list of devices from a text file. Importing devices from a text file requires correct formatting:

•Each device starts at a new line.

•Vendor, Model, and Serial must be present for each device and separated with a comma.

˄˅