-
Allow access to USB storage devices, CD/DVD, floppy disks, and network drives. You can grant full access to these devices or limit the level of access.
-
Configure the list of approved USB storage devices. Device Control allows you to block access to all USB storage devices, except those that have been added to the list of approved devices. You can grant full access to the approved devices or limit the level of access.
The following table lists the permissions for storage devices.
Device Control Permissions for Storage Devices
Permissions
|
Files on the Device
|
Incoming Files
|
Full access
|
Permitted operations: Copy, Move, Open, Save, Delete,
Execute
|
Permitted operations: Save, Move, Copy
This means that a file can be saved, moved, and
copied to the device.
|
Modify
|
Permitted operations: Copy, Move, Open, Save, Delete
Prohibited operations: Execute
|
Permitted operations: Save, Move, Copy
|
Read and execute
|
Permitted operations: Copy, Open, Execute
Prohibited operations: Save, Move, Delete
|
Prohibited operations: Save, Move, Copy
|
Read
|
Permitted operations: Copy, Open
Prohibited operations: Save, Move, Delete, Execute
|
Prohibited operations: Save, Move, Copy
|
List device content only
|
Prohibited operations: All operations
The device and the files it contains are visible to
the user (for example, from Windows Explorer).
|
Prohibited operations: Save, Move, Copy
|
Block
(available after installing Data Protection)
|
Prohibited operations: All operations
The device and the files it contains are not visible to
the user (for example, from Windows Explorer).
|
Prohibited operations: Save, Move, Copy
|
File-based scanning complements, and may override, the device
permissions. For example, if the permission allows a file to be opened but the Trend Vision One Endpoint Security agent detects that
the file is infected with malware, a specific scan action is performed on the file
to eliminate
the malware. If the scan action is Clean, the file opens after it is cleaned. However,
if the
scan action is Delete, the file is deleted.
The following table lists the permissions for mobile and non-storage devices managed
by
Data Protection.
Device Control Permissions for Mobile and Non-storage Devices
Permissions
|
Files on the Device
|
Incoming Files
|
Allow
|
Permitted operations: Copy, Move, Open, Save, Delete,
Execute
|
Permitted operations: Save, Move, Copy
This means that a file can be saved, moved, and copied
to the device.
|
Block
|
Prohibited operations: All operations
The device and the files it contains are not visible to
the user (for example, from Windows Explorer).
|
Prohibited operations: Save, Move, Copy
|
TipDevice Control for Data Protection supports all 64-bit platforms. For
Unauthorized Change Prevention monitoring on systems that the Trend Vision One Endpoint Security agent does not
support, set the device permission to Block to limit access to these
devices.
|