Views:
Device Control permissions for storage devices are used when you:
  • Allow access to USB storage devices, CD/DVD, floppy disks, and network drives. You can grant full access to these devices or limit the level of access.
  • Configure the list of approved USB storage devices. Device Control allows you to block access to all USB storage devices, except those that have been added to the list of approved devices. You can grant full access to the approved devices or limit the level of access.
The following table lists the permissions for storage devices.

Device Control Permissions for Storage Devices

Permissions
Files on the Device
Incoming Files
Full access
Permitted operations: Copy, Move, Open, Save, Delete, Execute
Permitted operations: Save, Move, Copy
This means that a file can be saved, moved, and copied to the device.
Modify
Permitted operations: Copy, Move, Open, Save, Delete
Prohibited operations: Execute
Permitted operations: Save, Move, Copy
Read and execute
Permitted operations: Copy, Open, Execute
Prohibited operations: Save, Move, Delete
Prohibited operations: Save, Move, Copy
Read
Permitted operations: Copy, Open
Prohibited operations: Save, Move, Delete, Execute
Prohibited operations: Save, Move, Copy
List device content only
Prohibited operations: All operations
The device and the files it contains are visible to the user (for example, from Windows Explorer).
Prohibited operations: Save, Move, Copy
Block
(available after installing Data Protection)
Prohibited operations: All operations
The device and the files it contains are not visible to the user (for example, from Windows Explorer).
Prohibited operations: Save, Move, Copy
File-based scanning complements, and may override, the device permissions. For example, if the permission allows a file to be opened but the Trend Vision One Endpoint Security agent detects that the file is infected with malware, a specific scan action is performed on the file to eliminate the malware. If the scan action is Clean, the file opens after it is cleaned. However, if the scan action is Delete, the file is deleted.
The following table lists the permissions for mobile and non-storage devices managed by Data Protection.

Device Control Permissions for Mobile and Non-storage Devices

Permissions
Files on the Device
Incoming Files
Allow
Permitted operations: Copy, Move, Open, Save, Delete, Execute
Permitted operations: Save, Move, Copy
This means that a file can be saved, moved, and copied to the device.
Block
Prohibited operations: All operations
The device and the files it contains are not visible to the user (for example, from Windows Explorer).
Prohibited operations: Save, Move, Copy
Tip
Tip
Device Control for Data Protection supports all 64-bit platforms. For Unauthorized Change Prevention monitoring on systems that the Trend Vision One Endpoint Security agent does not support, set the device permission to Block to limit access to these devices.