Device Control for Windows endpoints allows for the administration of external devices interacting with agents. This option is useful for limiting how users may transmit sensitive information to third-party devices, as well as protecting the endpoint from potential third-party threats.
Device Control requires VIPRE Cloud Agent version 13.2 or higher.
Introducing Device Control
Endpoint Security - Device Control Comparison
The table below compares Device Control between VIPRE Endpoint Security Server and our VIPRE Cloud products.
Device Control | EDR , EDR+MDR, and Endpoint Security Cloud |
---|---|
CD/DVD Drives | ✅ |
Removable Drives (e.g., USB drives) | ✅ |
Mobile Devices | ✅ |
Floppy Drives | ❌ |
Important
Device Control is a powerful feature that requires low-level access to device drivers. Because of this integration, Device Control can be incompatible with certain device drivers, particularly older versions. We recommend testing Device Control carefully on target systems before production deployment.
Configure Device Control
Use the steps below to configure different aspects of Device Control.
Enable Device Control
- From within the VIPRE Cloud console, on the left-side blue menu, under MANAGE, select Policies
- Choose your desired Windows policy
- Under the Agent tab, scroll down and click the checkbox to enable Device Control
- Select Save at the top
Device Control is now enabled in your policy. Remember that policy changes can take up to two minutes to update on your agent endpoints.
Device Control Exclusions
Create a new custom exclusion list or select an existing custom exclusion list.
- Click +Add Exclusion at the top-right corner of the screen
- Select Device
-
Choose to exclude device by Type or Specific Type
-
If you've chosen Type:
- Select the desired category (CD/DVD or Removable drives)
- Select the desired Bus (Any, ATA IDE, Firewire, SCSI, USB, PCMCIA)
-
If you've chosen Specific Type:
- Select the desired category (CD/DVD or Removable drives)
- Add value to Hardware ID (see example in text box)
- Add value to Serial ID (see example in text box)
-
If you've chosen Type:
Hardware ID and Serial ID details can be copied from the Device Control Report and pasted here to add an exclusion for a specific device. This is helpful, for example, when you've set a broad Device Control policy to block all removable drives but still require at least one particular endpoint to access a specific USB flash drive.
- Click Add
You can also add exclusions from the Device Control report. Continue reading below to learn more.
Device Control Reports
To add exclusions from the Device Control Report, select a specific event and click Add to Exclusion.
This will bring up the option to add the exclusion to an existing Exclusion Group or to create a new list. Once you select your desired exclusion list, you'll notice that Category, Hardware ID, and Serial ID are automatically filled in based on the device in the event you selected in the Device Control Report.
Review the auto-filled information and click Add when ready.