Managing permission rules and exclusions
Device Control allows managing device permissions as follows:
Note
Availability and functioning of this feature may differ depending on the license included in your current plan.
Rules
The Rules section allows defining the permissions for devices connected to the target endpoints.
To set permissions for the type of device that you want:
Go to Device Control > Rules.
Click the device name in the available table.
Select one permission type from the available options. The available set of permissions may vary according to the device type:
Allowed: the device can be used on the target endpoint.
Blocked: the device cannot be used on the target endpoint. In this case, each time the device is connected to the endpoint, the security agent will prompt a notification stating that the device has been blocked.
Important
Connected devices previously blocked are not automatically unblocked by changing the permission to Allowed. The user must restart the system or reconnect the device to be able to use it.
Read-Only: only the read functions can be used with the device.
Custom: define different permissions for each type of port from the same device, such as Firewire, ISA Plug & Play, PCI, PCMCIA, USB, etc. In this case, the list of components available for the selected device is displayed, and you can set the permissions that you want for each component.
For example, for External Storage, you can block only USB, and allow all the other ports to be used.
Exclusions
After setting the permission rules for different types of devices, you may want to exclude certain devices or product types from these rules.
You can define device exclusions:
By Device ID (or Hardware ID), to designate individual devices that you want to exclude.
By Product ID (or PID), to designate a range of devices produced by the same manufacturer.
To define device rule exclusions:
Go to Device Control > Exclusions.
Enable the Exclusions option.
Click the Add button at the upper side of the table.
Select the method you want to use for adding exclusions:
Manually - In this case, you need to enter each Device ID or Product ID that you want to exclude, provided you have at hand the list of appropriate IDs:
Select the exclusion type (by Product ID or by Device ID).
In the Exclusions field, enter the IDs that you want to exclude.
Note
Quotation marks are not required when entering the exclusion path.
In the Description field, enter a name that will help you identify the device or the range of devices.
Select the permission type for specified devices (Allowed or Blocked).
Click Save.
Note
You can manually configure wildcard exclusions based on Device ID, by using the syntax
wildcards:deviceID
. Use the question mark (?) to replace one character, and the asterisk (*) to replace any number of characters in thedeviceID
. For example, forwildcards:PCI\VEN_8086*
, all devices containing the stringPCI\VEN_8086
in their ID will be excluded from the policy rule.Exclusions based on wildcards are not supported on macOS.
From discovered devices - In this case, you can select the Devices IDs or Product IDs to exclude from a list of all discovered devices in your network (concerning the managed endpoints only):
Select the exclusion type (by Product ID or by Device ID).
In the Exclusions table, select the IDs that you want to exclude:
For Device IDs, select each device to exclude from the list.
For Product IDs, by selecting one device, you will exclude all the devices having the same Product ID.
In the Description field, enter a name that will help you identify the device or the range of devices.
Select the permission type for specified devices (Allowed or Blocked).
Click Save.
Important
Devices already connected to endpoints at the Bitdefender Endpoint Security Tools installation will be discovered only after restarting the corresponding endpoints.
Connected devices previously blocked are not automatically unblocked by setting an exception with the permission Allowed. The user must restart the system or reconnect the device to be able to use it.
All device exclusions will appear in the Exclusions table.
To remove an exclusion:
Select the exclusion in the table.
Click the Delete button at the upper side of the table.
The exclusion is deleted without requiring confirmation.