Editing a device access rule
A device access rule is a group of settings that determine how users can access devices that are installed or connected to the computer. These settings include access to a specific device, an access schedule, and read or write permissions.
To edit a device access rule:
- In the main application window, click the button.
- In the application settings window, select Security Controls → Device Control.
- In the Access settings block, click the Devices and Wi-Fi networks button.
The opened window shows access rules for all devices that are included in the Device Control component classification.
Types of devices in the Device Control component
- In the Access To Storage Devices block, select the access rule that you want to edit. The block contains devices that have a file system for which you can configure additional access settings. By default, a device access rule grants all users full access to the specified type of devices at any time.
- In the Access column, select the appropriate device access option:
- Allow.
- Block.
- Depends on connection bus.
To block or allow access to a device, configure access to the connection bus.
- By rules.
This option lets you configure user rights, permissions, and a schedule for device access.
- In the Users' rights block, click the Add button.
This opens a window for adding a new device access rule.
Device Control rule settings
- Assign a priority to the rule. A rule includes the following attributes: user account, schedule, permissions (read/write), and priority.
A rule has a specific priority. If a user has been added to multiple groups, Kaspersky Endpoint Security regulates device access based on the rule with the highest priority. Kaspersky Endpoint Security allows to assign priority from 0 to 10,000. The higher the value, the higher the priority. In other words, an entry with the value of 0 has the lowest priority.
For example, you can grant read-only permissions to the Everyone group and grant read/write permissions to the administrators group. To do so, assign a priority of 1 for the administrators group and assign a priority of 0 for the Everyone group.
The priority of a block rule is higher than the priority of an allow rule. In other words, if a user has been added to multiple groups and the priority of all rules are the same, Kaspersky Endpoint Security regulates device access based on any existing block rule.
- Set the Enabled status for the device access rule.
- Configure users' device access permissions: read and/or write.
- Select the users or group of users to whom you want to apply the device access rule.
- Configure a device access schedule for users.
- Click Add.
- In the Access column, select the appropriate device access option:
- In the Access To External Devices block, select the rule and configure access: Allow, Block, or Depends on connection bus. If necessary, configure access to the connection bus.
- In the Access to Wi-Fi networks block, click the Wi-Fi link and configure access: Allow, Block, or Block with exceptions. If necessary, add Wi-Fi networks to the trusted list.
Wi-Fi access settings
- Save your changes.