Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Using Device Control in Worry-Free Business Security Services (WFBS-SVC)

    • Updated:
    • 10 Sep 2019
    • Product/Version:
    • Worry-Free Business Security Services 5.7
    • Worry-Free Business Security Services 6.1
    • Worry-Free Business Security Services 6.2
    • Worry-Free Business Security Services 6.3
    • Worry-Free Business Security Services 6.5
    • Worry-Free Business Security Services 6.6
    • Platform:
    • N/A N/A
Summary

Device Control is a feature of WFBS-SVC that allows users to regulate access to connected USB devices.

This article shows you how configure Device Control, specifically on external storage devices.

Details
Public

To use the Device Control: 

  1. Log on to the WFBS-SVC console.
  2. Click Security Agents and choose the group you want to configure under Manual Groups.
  3. Choose Configure Policy.
  4. Under the Windows tab, choose Device Control
  5. Toggle the slider to enable device control to and start using the feature.

  6. Tick Block the autorun function on USB storage devices checkbox to block the autorun function in external devices and provide autorun protection.

    block the autorun function

  7. Under the Permission dropdown menu, choose the desired permission level.

    Choose permission level

    Refer to the table for the definition of permission levels.

    PermissionsFiles on the DeviceIncoming Files
    Full accessPermitted operations: Copy, Move, Open, Save, Delete, ExecutePermitted operations: Save, Move, Copy

    This means that a file can be saved, moved, and copied to the devices.
    ModifyPermitted operations: Copy, Move, Open, Save, Delete

    Prohibited operations: Execute
    Permitted operations: Save, Move, Copy
    Read and executePermitted operations: Copy, Open, Execute

    Prohibited: Save, Move, Delete
    Prohibited operations: Save, Move, Copy
    ReadPermitted operations: Copy, Open

    Prohibited operations: Save, Move, Delete, Execute
    Prohibited operations: Save, Move, Copy
    List device content onlyProhibited operations: All operations

    The device and the files it contains are visible to the user (for example: Windows Explorer).
    Prohibited operations: Save, Move, Copy
    Block

    (Not available for network drives)
    Prohibited operations: All operations

    The device and the files it contains are visible to the user (for example: Windows Explorer).
    Prohibited operations: Save, Move, Copy
  8. Configure the exception list. This is only applicable if the device permission is not "Full Access".

    TASKDESCRIPTION
    Add user rules

    Add user rules "Create user rules to allow specified users access to restricted devices. The Allow Rules in the Users section override the settings configured on the Endpoint Settings tab.

    Click Add Allow Rule and add user accounts to the rule. Windows local accounts and Active Directory accounts are supported."

    View or change user rulesClick a name in the Rule column to open the Allow Rule screen.
    Delete user rulesSelect rules and click Delete.
    Specify the permission for global Allowed USB Device List

    "The permission in the USB Devices section applies when you select Block or Read for USB storage devices on the Endpoint Settings tab.

    For more information on configuring the Allowed USB Device List, see Configuring the Global Allowed USB Device List.

    Configure the Allowed Programs List

    "In the Programs section, click Allowed Program List to configure a list of programs that Device Control does not restrict access on any device type.

    For more information, see Configuring the Allowed Program List.

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1095518
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.