Permissions

Files on the Device

Incoming Files

Full access

Permitted operations: Copy, Move, Open, Save, Delete, Execute

Permitted operations: Save, Move, Copy

This means that a file can be saved, moved, and copied to the devices.

Modify

Permitted operations: Copy, Move, Open, Save, Delete

Prohibited operations: Execute

Permitted operations: Save, Move, Copy

Read and execute

Permitted operations: Copy, Open, Execute

Prohibited: Save, Move, Delete

Prohibited operations: Save, Move, Copy

Read

Permitted operations: Copy, Open

Prohibited operations: Save, Move, Delete, Execute

Prohibited operations: Save, Move, Copy

List device content only

Prohibited operations: All operations

The device and the files it contains are visible to the user (for example: Windows Explorer).

Prohibited operations: Save, Move, Copy

Block

(Not available for network drives)

Prohibited operations: All operations

The device and the files it contains are not visible to the user (for example: Windows Explorer).

Prohibited operations: Save, Move, Copy

TASK

DESCRIPTION

Add user rules

Add user rules "Create user rules to allow specified users access to restricted devices. The Allow Rules in the Users section override the settings configured on the Endpoint Settings tab.

Click Add Allow Rule and add user accounts to the rule. Windows local accounts and Active Directory accounts are supported."

View or change user rules

Click a name in the Rule column to open the Allow Rule screen.

Delete user rules

Select rules and click Delete.

Specify the permission for global Allowed USB Device List

"The permission in the USB Devices section applies when you select Block or Read for USB storage devices on the Endpoint Settings tab.

For more information on configuring the Allowed USB Device List, see Configuring the Global Allowed USB Device List.

Configure the Allowed Programs List

"In the Programs section, click Allowed Program List to configure a list of programs that Device Control does not restrict access on any device type.

For more information, see Configuring the Allowed Program List.

Using Device Control in Worry-Free Business Security Services (WFBS-SVC)

Product / Version includes:

Worry-Free Business Security Services6.5 , Worry-Free Business Security Services6.3 , Worry-Free Business Security Services6.6

Last updated: 2022/05/18

Solution ID: KA-0003278

Category: Configure

Summary

Device Control is a feature of WFBS-SVC that allows users to regulate access to connected USB devices.

This article shows you how configure Device Control, specifically on external storage devices.

To use the Device Control:

Log on to the WFBS-SVC console.
Click Security Agents and choose the group you want to configure under Manual Groups.
Choose Configure Policy.
Under the Windows tab, choose Device Control.
Toggle the slider to enable device control to and start using the feature.
Tick Block the autorun function on USB storage devices checkbox to block the autorun function in external devices and provide autorun protection.

Under the Permission dropdown menu, choose the desired permission level.

Refer to the table for the definition of permission levels.

Permissions	Files on the Device	Incoming Files
Full access	Permitted operations: Copy, Move, Open, Save, Delete, Execute	Permitted operations: Save, Move, Copy This means that a file can be saved, moved, and copied to the devices.
Modify	Permitted operations: Copy, Move, Open, Save, Delete Prohibited operations: Execute	Permitted operations: Save, Move, Copy
Read and execute	Permitted operations: Copy, Open, Execute Prohibited: Save, Move, Delete	Prohibited operations: Save, Move, Copy
Read	Permitted operations: Copy, Open Prohibited operations: Save, Move, Delete, Execute	Prohibited operations: Save, Move, Copy
List device content only	Prohibited operations: All operations The device and the files it contains are visible to the user (for example: Windows Explorer).	Prohibited operations: Save, Move, Copy
Block (Not available for network drives)	Prohibited operations: All operations The device and the files it contains are not visible to the user (for example: Windows Explorer).	Prohibited operations: Save, Move, Copy

Configure the exception list. This is only applicable if the device permission is not "Full Access".

TASK	DESCRIPTION
Add user rules	Add user rules "Create user rules to allow specified users access to restricted devices. The Allow Rules in the Users section override the settings configured on the Endpoint Settings tab. Click Add Allow Rule and add user accounts to the rule. Windows local accounts and Active Directory accounts are supported."
View or change user rules	Click a name in the Rule column to open the Allow Rule screen.
Delete user rules	Select rules and click Delete.
Specify the permission for global Allowed USB Device List	"The permission in the USB Devices section applies when you select Block or Read for USB storage devices on the Endpoint Settings tab. For more information on configuring the Allowed USB Device List, see Configuring the Global Allowed USB Device List.
Configure the Allowed Programs List	"In the Programs section, click Allowed Program List to configure a list of programs that Device Control does not restrict access on any device type. For more information, see Configuring the Allowed Program List.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Using Device Control in Worry-Free Business Security Services (WFBS-SVC)

Using Device Control in Worry-Free Business Security Services (WFBS-SVC)

Product / Version includes:

Summary