Device access management through Device Control
Prevent data leaks and malware infections by managing access to devices connected to your target endpoints. You can manage device access through rules and exclusions via policy.
You need the Device Control module to manage device access. For more information, refer to the GravityZone Installation Guide.
Device Rules
Set rules to manage device access.
To set device rules:
- Log in to GravityZone web console.
- Go to the Policies section.
- Find the policy assigned to your target endpoints and click its name to edit it.
- Navigate to Device Control > Rules and select the toggle to turn on the feature.
- Click a device class to configure a rule.
- Select a permission type as follows:
- Allowed: the device can be used on the target endpoint.
- Blocked: the device cannot be used on the target endpoint.
- Read-Only: only the read functions can be used with the device.
- Custom: define different permissions for each type of port from the same device, such as Firewire, ISA PnP, PCI, PCMCIA, USB.
- Click Save.
The rule is saved to your policy.
Device Exclusions
Set exclusions for trusted devices by:
- Device ID (Hardware ID) individually.
- Product ID (PID) collectively. For example, you can set an exclusion for devices made by the same manufacturer.
To define device exclusions:
- Log in to GravityZone web console.
- Go to the Policies section.
- Find the policy assigned to your target endpoints and click its name to edit it.
- Navigate to Device Control > Exclusions and select the associated toggle to turn on the feature.
- Click Add at the upper side of the table.
- Select the exclusion method:
- Manually by entering device details as follows:
- Select the exclusion type (Device ID or Product ID).
- In the Exceptions field, enter the device or product ID that you want to exclude.
- In the Description field, enter a name of your choice.
- Select the Permission type (Allowed or Blocked).
- Click Save.
The exclusion is saved to your policy.
- From Discovered Devices, by selecting devices from a list provided through discovery:
- Select the exclusion type (Device ID or Product ID).
- In the Exclusions field, enter the device or product ID that you want to exclude.
- In the Description field, enter a name of your choice.
- Select the Permission type (Allowed or Blocked).
- Click Save.
The exclusion is saved to your policy.
- Manually by entering device details as follows:
To remove a device exclusion:
- Go to the Policies section.
- Find the policy assigned to your target endpoints and click its name to edit it.
- Navigate to Device Control > Exclusions.
- Select the device exclusion that you want to delete.
- Click Delete at the upper side of the table.
- Confirm your action.
The exclusion is deleted.