Using Device Control
This section provides information on how to use the Device Control module from the GravityZone Control Center.
Enable Device Control
To use Device Control, install the module on the endpoint and enable it in the policy applied to the endpoint.
For more information on how to install Device Control, refer to the installation section.
To enable Device Control on endpoints, follow these steps:
Log in to GravityZone Control Center.
Go to the Policies page from the left side menu.
Find the policy you are interested in and click its name to open it.
Go to the Device Control section.
Select the Device Control check box.
Click Save.
By default, Device Control allows all devices to connect to the endpoints. Therefore, to properly protect your endpoints you should configure the rules.
Configure Rules
Once Device Control is enabled, you can set up rules that determine whether a type of device is allowed on your network or not. Follow these steps to set up rules:
Select the type of device you want to set up from the Device Classes grid.
Select the permission from the drop-down list. You can choose between Allowed, Blocked, or Custom.
If you have selected the Custom option, you can set up permissions for a variety of sub-classes. For each sub-class, choose from the drop-down list between Allowed and Blocked.
Click Save.
Create Exclusions
Access the Exclusions section to add exceptions for devices available in your network. By adding exclusions you allow certain devices to become accessible in your network.
To start adding exclusions, click the Add button and select from the drop-down list the way in which you want to add them.
Select Manually to open the Add Exception window.
Select the type of exception, Device ID or Product ID.
Optionally, you can configure wildcard exclusions based on Device ID by using the wildcards:deviceID syntax. Use the question mark (?) to replace one character, and the asterisk (*) to replace any number of characters in the deviceID. For example, for wildcards:PCI\VEN_8086*, all devices containing the string PCI\VEN_8086 in their ID will be excluded from the policy rule.
Click Save.
Select Add Exception from Discovered Devices from the drop-down list. This window displays all devices from endpoints with Device Control enabled.
Select the devices you want to exclude.
Click Save.
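A wildcards:deviceID exclusion can be checked against a device inventory before it is saved, to see how many devices it would exempt from the policy rule. The Python code below is an added example, not Bitdefender code: the function names are hypothetical, the inventory is constructed sample data, and it assumes the pattern is compared with the whole device ID, ignoring case.

```python
import re

PREFIX = "wildcards:"

# Constructed sample inventory (not real hosts); format follows Windows device IDs.
INVENTORY = [
    r"PCI\VEN_8086&DEV_15B8&SUBSYS_06DC1028&REV_31",
    r"PCI\VEN_8086&DEV_A12F&SUBSYS_06DC1028&REV_31",
    r"PCI\VEN_10DE&DEV_1C82&SUBSYS_11BF10DE&REV_A1",
    r"USB\VID_0781&PID_5581\4C530001230101",
    r"USB\VID_0781&PID_5567\4C530001110202",
    r"USBSTOR\DISK&VEN_SANDISK&PROD_ULTRA&REV_1.00",
]

def compile_exclusion(rule):
    """Turn an exclusion value into a regex. Only ? and * are wildcards;
    every other character (backslash, &, .) is matched literally."""
    if not rule.startswith(PREFIX):
        return re.compile(re.escape(rule), re.IGNORECASE)  # plain Device ID
    pattern = ""
    for ch in rule[len(PREFIX):]:
        if ch == "?":
            pattern += "."       # exactly one character
        elif ch == "*":
            pattern += ".*"      # any number of characters, including none
        else:
            pattern += re.escape(ch)
    # Assumption: whole-ID, case-insensitive match (hypothetical semantics).
    return re.compile(pattern, re.IGNORECASE | re.DOTALL)

def excluded_devices(rule, device_ids):
    """Return the device IDs that the exclusion would exempt."""
    regex = compile_exclusion(rule)
    return [d for d in device_ids if regex.fullmatch(d)]

def coverage(rule, device_ids):
    """Fraction of the inventory exempted; a high value means a broad rule."""
    return len(excluded_devices(rule, device_ids)) / len(device_ids)

if __name__ == "__main__":
    for rule in (r"wildcards:PCI\VEN_8086*",
                 r"wildcards:USB\VID_0781&PID_55??\*",
                 r"wildcards:*"):
        hits = excluded_devices(rule, INVENTORY)
        print(f"{rule}  ->  {len(hits)}/{len(INVENTORY)} devices "
              f"({coverage(rule, INVENTORY):.0%})")
        for dev in hits:
            print("   ", dev)
```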