This article describes the difference between AEGIS (Behavior Monitoring) and Data Loss Prevention SDK in OfficeScan.
AEGIS (TMBMSRV.exe) can control the file permission — Full control, Modify, Read and execute, Read, List device content only.
DLP Lite (dsagent.exe) can only allow or block a supported device:
AEGIS and DLP permission options are combined in OfficeScan 10.6. The former controls the File Permission for each device.
Refer to the following screenshots for an example:
The permission List device content only is selected for USB storage devices.
Clients can view such devices in the computer but will not be able to read or modify files from/of it.
Generally, Device Control disables devices silently. The only exception to this is for USB devices which trigger a security alert as shown in the opposite column:
For the other devices, the only indicator is that their status in Device Manager shows disabled.