Views:

Device Control regulates access to external storage devices and network resources connected to computers. Device Control helps prevent data loss and leakage and, combined with file scanning, helps guard against security risks.

You can configure Device Control policies for internal and external agents. Administrators typically configure a stricter policy for external agents.

Policies are granular settings in the Apex One agent tree. You can enforce specific policies to agent groups or individual agents. You can also enforce a single policy to all agents.

After you deploy the policies, agents use the location criteria you have set in the Endpoint Location screen (see Endpoint Location) to determine their location and the policy to apply. Agents switch policies each time the location changes.

Important:

The types of devices that Apex One can monitor depends on whether the Data Protection license is activated. Data Protection is a separately licensed module and must be activated before you can use it. For details about the Data Protection license, see Data Protection License.

Table 1. Devices Monitored by the Unauthorized Change Prevention Service

Device Type

Device Description

Storage Devices

CD/DVD

Important:

Device Control can only limit access to CD/DVD recording devices that use the Live File System format. Some third-party applications that use Master Format can still perform read/write operations even with Device Control enabled. Use Data Loss Prevention to limit access to CD/DVD recording devices that use any format type.

For details, see Blocking Access to Data Recorders (CD/DVD).

Floppy disks

Network drives

USB storage devices

Table 2. Devices Monitored by Data Loss Prevention

Device Type

Device Description

Mobile Devices

Mobile devices

Storage Devices

CD/DVD

Floppy disks

Network drives

USB storage devices

Non-storage Devices

Bluetooth adapters

COM and LPT ports

IEEE 1394 interface

Imaging devices

Infrared devices

Modems

PCMCIA cards

Print screen key

Wireless NICs