Device control settings use the Ivanti Endpoint Security service on managed devices. When the service receives notification from the OS that a new USB device has been inserted, the service applies a number of custom defined rules to decide whether or not the device is allowed. You can set up simple rules to allow only certain types of devices such as keyboards and mice, printers, and scanners. More complex rules might allow only secure storage devices of a given manufacturer, or exclude devices of a given manufacturer.
When an unauthorized device is detected, the Ivanti Endpoint Security service will:
- Remove the device from the Windows Device Manager so Windows won't see it any more. Any drivers for the device remain installed.
- In the case of an unauthorized USB device or volume, optionally display a configurable message to the user. For more information, see Creating custom messages when unauthorized devices/volumes are detected.