Control External Device
Disables prohibited devices on user PCs. Controls all devices physically connected to the system.
You can find USB flash drives, USB disk drives, external USB hard drives, printers, keyboards, mice, etc., in Device Manager.
- Disable or remove external devices
- Administrator decides whether to approve device usage applications received via agent
Note
For device usage application settings, please refer to Using Device Usage Application Form.
1. Create Device Group
- Device groups are a feature that defines a set of devices required for control. They can be used for blocking or as exceptions in policies.
- Go to Policy in the top menu.
- In the left Policy menu, go to Policy > Controlling External Device Policy > Device Group.
- Click Select Action > Create.
- In Basic Information, enter a unique ID Name. (e.g., "USB Storage Devices").
- In Condition Settings, enter the following:
- Class Name: "Some Name" found in Device Manager (e.g., Universal Serial Bus Controllers)
- Device Name: "Some Vendor Name" found in Device Manager information (e.g., USB Mass Storage Device)
- Device Description: "Description for Device" found in Device Manager details (property information)
- Removable Device Property: Option to select for removable device properties
- USB Manufacturer: Specify USB vendor name
- USB Model: Specify USB model name
- USB Serial: Specify USB serial number
- Click the Create button.
Configuration Example:
Note
For details on device groups, please refer to Checking Device Groups.
2. Create Controlling External Device Policy
- Controlling External Device Policy defines device groups to block or allow a target to perform device control.
- When the plugin is uploaded, basic device policies for output devices are provided as templates. (Controlling External Device Policy ID: Data Leakage Prevention)
- Go to Policy in the top menu.
- In the left Policy menu, go to Policy > Controlling External Device Policy.
- Click the Select Action > Create button.
- In Basic Information, enter a unique ID Name. (e.g., "USB Storage Policy")
- In Node Group Settings, click the Assign button and select the Node Group.
- In Blocked Device Settings, click the Assign button and select USB Storage Devices.
- Even if it's not a device group set in Step 1, you can select items defined as Basic Device Groups below.
- If there are separate devices among USB storage devices that you want to allow control for, you can create an exception group identically to Step 1. Create Device Group and assign it to Blocked Device Exception Settings.
- Click the Create button.
3. Configure Controlling External Device Plugin
- Go to Policy in the top menu.
- In the left Policy menu, go to Policy > Node Policy > Node Action.
- In the Node Action management window, find and click Controlling External Device.
- In Action Execution Settings > Controlling External Device Method, select Remove or Stop.
- Click the Modify button.
4. Add Agent Action to Node Policy
- Go to Policy in the top menu.
- In the left Policy menu, go to Policy > Node Policy.
- In the Node Policy window, click the desired Node Policy ID.
- Find Node Action Settings and click the Assign button.
- In the Available items, move Controlling External Device to the Selected items.
- Click the Add button.
- Click the Modify button.