Restrict device access with Device Control settings

For Device Control to function on a device, you must have the local scheduler agent and the standard agent deployed on that device. Every time the device initiates a device connection or makes changes to a device connection, the agent applies setting rules. These rules include terminating connections that aren't allowed and sending alerts to the core server.

By default, device control settings can restrict the various types of devices. You can use the advanced USB settings to restrict any USB device or class of devices that you specify. Among the devices you can restrict are:

  • USB devices such as drives, keyboards and mice, printers, and scanners
  • Cell phones and other mobile devices
  • Network volumes
  • Bluetooth Personal Area Networks
  • Wireless 802.11x networks
  • Modems
  • PCMCIA devices
  • Serial, parallel, infrared, and FireWire 1394 ports
  • Floppy and CD/DVD drives

Creating device control settings

To create device control settings
  1. Click Tools > Security and compliance> Agent settings.
  2. Under All agent settings, right-click Device Control, and then click New.

  3. On the General Settings page, enter a Name.
  4. Select the Enable device control check box.
  5. On the other pages, customize the options you want. For more information about the options on the dialog box, see Agent settings: Device control.
  6. Click Save to save the settings.
  7. Under Endpoint security, double-click the endpoint security setting that you want to use to apply the device control settings.
  8. On the Default policy page, check Device control and select the device control setting that you want to apply.
  9. Click Save to save the settings.