ESET Online Help


Device rules

Specific devices can be allowed or blocked by user, user group, or any of several additional parameters that can be specified in the rule configuration. The list of rules shows several attributes of each rule, such as its name, the type of external device, the action to perform when a device is detected, and the log severity.

You can Add a new rule or modify settings of an existing one. Enter a description of the rule into the Name field for better identification. Click the switch next to Rule enabled to disable or enable this rule; this can be useful if you do not want to delete the rule permanently.

Apply during

You can limit rules using Time slots. Create the time slot first; it will then appear in the drop-down menu.

Device type

Choose the external device type from the drop-down menu (Disk storage/Portable device/Bluetooth/FireWire/...). The types of devices are inherited from the operating system and can be seen in the system Device manager, assuming the device is connected to the computer. Storage devices include external disks or conventional memory card readers connected via USB or FireWire. Smart card readers include all readers of smart cards with an embedded integrated circuit, such as SIM cards or authentication cards. Examples of imaging devices are scanners or cameras. These devices do not provide information about users, only about their actions. This means that imaging devices can only be blocked globally.

Action

Access to non-storage devices can either be allowed or blocked. In contrast, rules for storage devices allow you to select one of the following rights settings:

Read/Write – Full access to the device will be allowed.

Block – Access to the device will be blocked.

Read Only – Only read access to the device will be allowed.

Warn – Each time that a device is connected, the user will be notified if it is allowed/blocked, and a log entry will be made. Devices are not remembered, so a notification will still be displayed upon subsequent connections of the same device.


Note

Not all rights (actions) are available for all device types. If a device has storage space, all four actions are made available. For non-storage devices, there are only two (for example, Read Only is not available for Bluetooth, so Bluetooth devices can only be allowed or blocked).

Criteria type

Additional parameters below can be used to fine-tune rules and tailor them to devices. All parameters are case-sensitive and support wildcards (*, ?):

Vendor – Filter by vendor name or ID.

Model – The given name of the device.

Serial – External devices usually have their own serial numbers. In the case of a CD/DVD, this is the serial number of the given media, not the CD drive.


Note

If these parameters are undefined, the rule will ignore these fields while matching. Filtering parameters in all text fields are case-sensitive and support wildcards (a question mark (?) represents a single character, whereas an asterisk (*) represents a string of zero or more characters).

To figure out the parameters of a device, create a rule to allow that type of device, connect the device to your computer and then review the device details in the Device control log.

Choose the Logging severity from the drop-down list:

Always – Logs all events.

Diagnostic – Logs information needed to fine-tune the program.

Information – Records informative messages, including successful update messages, plus all records above.

Warning – Records critical errors and warning messages.

None – No logs will be recorded.

Rules can be limited to certain users or user groups by adding them to the User list. Click Edit to manage the User list.

Add – Opens the Object types: Users or Groups dialog window that allows you to select desired users.

Delete – Deletes the selected user from the filter.


Note

Not all devices can be filtered by user rules (for example, imaging devices do not provide information about users, only about invoked actions).

The following functions are available:

Edit

Lets you modify the name of a selected rule or parameters for the devices contained therein (vendor, model, serial number).

Copy

Creates a new rule based on the parameters of the selected rule.

Delete

Deletes the selected rule. Alternatively, you can use the check box next to a given rule to disable it. This can be useful if you do not want to delete a rule permanently so that you can use it in the future.

Populate

Provides an overview of all currently connected devices with the following information: device type, device vendor, model and serial number (if available). When you select a device (from the list of Detected devices) and click OK, a rule editor window appears with pre-defined information (you can adjust all the settings).

Rules are listed in order of priority with higher-priority rules at the top. You can select multiple rules and apply actions, such as deleting or moving them up or down the list by clicking Top/Up/Down/Bottom (arrow buttons).
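
The following added example (not ESET code) models how the criteria described above behave when a device is checked against an ordered rule list: case-sensitive wildcards, undefined fields ignored, higher-priority rules first. It assumes the first matching rule decides the action; the rule names, device values and the Rule/first_match/decide helpers are constructed for illustration, and user lists and time slots are left out.

```python
import re
from dataclasses import dataclass

def wildcard_match(pattern: str, value: str) -> bool:
    """Case-sensitive match: '*' = zero or more chars, '?' = exactly one char."""
    if not pattern:  # an undefined criterion is ignored while matching
        return True
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None

@dataclass
class Rule:  # hypothetical model of one row in the rule list
    name: str
    device_type: str
    action: str
    vendor: str = ""
    model: str = ""
    serial: str = ""
    enabled: bool = True

def first_match(rules, device):
    """Return the first enabled rule (top of the list first) that matches.
    First-match-wins is an assumption of this sketch; None means no rule hit."""
    for rule in rules:
        if not rule.enabled or rule.device_type != device["type"]:
            continue
        if all(wildcard_match(getattr(rule, f), device.get(f, ""))
               for f in ("vendor", "model", "serial")):
            return rule
    return None

# Constructed rule list, highest priority first.
RULES = [
    Rule("Corporate sticks", "Disk storage", "Read/Write",
         vendor="Kingston", serial="KS-2024-????"),
    Rule("SanDisk read-only", "Disk storage", "Read Only", vendor="sandisk*"),
    Rule("Block other storage", "Disk storage", "Block"),
]

def decide(vendor, serial, dev_type="Disk storage"):
    rule = first_match(RULES, {"type": dev_type, "vendor": vendor, "serial": serial})
    return rule.action if rule else None

if __name__ == "__main__":
    for args in [("Kingston", "KS-2024-0042"), ("Kingston", "KS-2024-00421"),
                 ("SanDisk", "4C530001"), ("sandisk", "4C530001")]:
        print(args, "->", decide(*args))
```

The "SanDisk" device falls through to the Block rule because the pattern was written in lower case, which is why copying vendor, model and serial strings exactly as they appear in the Device control log matters.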