Device Control permissions for storage devices are used when you:
-
Allow access to USB storage devices, CD/DVD, floppy disks, and network drives. You can grant full access to these devices or limit the level of access.
-
Configure the list of approved USB storage devices. Device Control allows you to block access to all USB storage devices, except those that have been added to the list of approved devices. You can grant full access to the approved devices or limit the level of access.
The following table lists the permissions for storage devices.
Permissions |
Files on the Device |
Incoming Files |
---|---|---|
Full access |
Permitted operations: Copy, Move, Open, Save, Delete, Execute |
Permitted operations: Save, Move, Copy This means that a file can be saved, moved, and copied to the device. |
Modify |
Permitted operations: Copy, Move, Open, Save, Delete Prohibited operations: Execute |
Permitted operations: Save, Move, Copy |
Read and execute |
Permitted operations: Copy, Open, Execute Prohibited operations: Save, Move, Delete |
Prohibited operations: Save, Move, Copy |
Read |
Permitted operations: Copy, Open Prohibited operations: Save, Move, Delete, Execute |
Prohibited operations: Save, Move, Copy |
List device content only |
Prohibited operations: All operations The device and the files it contains are visible to the user (for example, from Windows Explorer). |
Prohibited operations: Save, Move, Copy |
Block (available after installing Data Protection) |
Prohibited operations: All operations The device and the files it contains are not visible to the user (for example, from Windows Explorer). |
Prohibited operations: Save, Move, Copy |
File-based scanning complements, and may override, the device permissions. For example, if the permission allows a file to be opened but the Security Agent detects that the file is infected with malware, a specific scan action is performed on the file to eliminate the malware. If the scan action is Clean, the file opens after it is cleaned. However, if the scan action is Delete, the file is deleted.
Device Control for Data Protection supports all 64-bit platforms. For Unauthorized Change Prevention monitoring on systems that the Security Agent does not support, set the device permission to Block to limit access to these devices.