Configuring Device Control of Worry-Free Business Security (WFBS)

    • Updated: 30 Jan 2015
    • Product/Version:
      • Worry-Free Business Security Standard/Advanced 8.0
      • Worry-Free Business Security Standard/Advanced 9.0
    • Platform:
      • Windows 2003 Enterprise
      • Windows 2003 Server R2
      • Windows 2003 Small Business Server
      • Windows 2003 Small Business Server R2
      • Windows 2003 Standard
      • Windows 2008 Enterprise
      • Windows 2008 Essential Business Server
      • Windows 2008 Server R2
      • Windows 2008 Small Business Server
      • Windows 2008 Standard
      • Windows 2011 Small Business Server Essentials
      • Windows 2011 Small Business Server Standard
      • Windows 2012 Enterprise
      • Windows 2012 Server Essentials
      • Windows 2012 Web Server Edition
      • Windows 7 32-bit
      • Windows 7 64-bit
      • Windows 8 32-bit
      • Windows 8 64-bit
      • Windows Vista 32-bit
      • Windows Vista 64-bit
      • Windows XP Professional
Summary
Learn how to properly configure the Device Control of WFBS. 
Details
To correctly configure Device Control:
  1. Log on to the WFBS console.
  2. Navigate to Security Settings.
  3. Select a desktop or server group.
  4. Click Configure.
  5. Click Device Control.
  6. Update the following as required:
    • Enable Device Control
    • Enable USB Autorun Prevention
    • Permissions: Set for both USB devices and network resources.
      Device Control Permissions

      | Permissions | Files on the Device | Incoming Files |
      |---|---|---|
      | Full access | Permitted operations: Copy, Move, Open, Save, Delete, Execute | Permitted operations: Save, Move, Copy. This means that a file can be saved, moved, and copied to the device. |
      | Modify | Permitted operations: Copy, Move, Open, Save, Delete. Prohibited operations: Execute | Permitted operations: Save, Move, Copy |
      | Read and execute | Permitted operations: Copy, Open, Execute. Prohibited operations: Save, Move, Delete | Prohibited operations: Save, Move, Copy |
      | Read | Permitted operations: Copy, Open. Prohibited operations: Save, Move, Delete, Execute | Prohibited operations: Save, Move, Copy |
      | No access | Prohibited operations: All operations. The device and the files it contains are visible to the user (for example, from Windows Explorer). | Prohibited operations: Save, Move, Copy |

    • Exceptions: If a user is not given read permission for a particular device, the user will still be allowed to run or open any file or program in the Approved List.
    However, if AutoRun prevention is enabled, even if a file is included in the Approved List, it will still not be allowed to run.
    To add an exception to the Approved List, enter the file name including the path or the digital signature and click Add to the Approved List.
    Specifying a Digital Signature Provider
    Specify a Digital Signature Provider if you trust programs issued by the provider. For example, type Microsoft Corporation or Trend Micro, Inc. You can obtain the Digital Signature Provider by checking the properties of a program (for example, right-click the program and select Properties).
    [Figure: Digital Signature Provider for the Trend Micro security agent program (PccNTMon.exe)]
    Specifying a Program Path and Name
    A program path and name should have a maximum of 259 characters and must only contain alphanumeric characters (A-Z, a-z, 0-9). It is not possible to specify only the program name.
    You can use wildcards in place of drive letters and program names. Use a question mark (?) to represent single-character data, such as a drive letter. Use an asterisk (*) to represent multi-character data, such as a program name.
    Important: Wildcards cannot be used to represent folder names. The exact name of a folder must be specified.
    Correct Usage of Wildcards:

    | Example | Matched Data |
    |---|---|
    | ?:\Password.exe | The "Password.exe" file located directly under any drive. |
    | C:\Program Files\Microsoft\*.exe | Any .exe file in C:\Program Files\Microsoft. |
    | C:\Program Files\*.* | Any file in C:\Program Files that has a file extension. |
    | C:\Program Files\a?c.exe | Any .exe file in C:\Program Files that has 3 characters starting with the letter "a" and ending with the letter "c". |
    | C:\* | Any file located directly under the C:\ drive, with or without file extensions. |

    Incorrect Usage of Wildcards:

    | Example | Reason |
    |---|---|
    | ??:\Buffalo\Password.exe | ?? represents two characters and drive letters only have a single alphabetic character. |
    | *:\Buffalo\Password.exe | * represents multi-character data and drive letters only have a single alphabetic character. |
    | C:\*\Password.exe and C:\?\Password.exe | Wildcards cannot be used to represent folder names. The exact name of a folder must be specified. |

  7. Click Save.
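
The wildcard rules above can be checked before entries are typed into the Approved List. The following Python sketch is an added example, not Trend Micro code: it validates an entry against the documented rules and models the matching shown in the "Matched Data" column. The function names and the matching model (wildcards never cross a backslash, case-insensitive comparison) are assumptions.

```python
import re

MAX_LEN = 259  # maximum path-and-name length stated in the article

def check_entry(entry):
    """Return rule violations for one Approved List path entry ([] means valid).
    The article's alphanumeric-only rule is not enforced: its own examples
    contain ':', '\\', '.' and spaces."""
    problems = []
    if len(entry) > MAX_LEN:
        problems.append("longer than 259 characters")
    parts = entry.split("\\")
    if len(parts) < 2 or not parts[-1]:
        return problems + ["must be a full path ending in a program name"]
    drive, folders = parts[0], parts[1:-1]
    if not re.fullmatch(r"[A-Za-z?]:", drive):
        problems.append("drive must be one letter or a single '?'")
    if any("*" in f or "?" in f for f in folders):
        problems.append("wildcards cannot represent folder names")
    return problems

def to_regex(entry):
    """Assumed matching model: '*' and '?' never cross a backslash,
    and comparison is case-insensitive as for Windows paths."""
    out = []
    for ch in entry:
        if ch == "*":
            out.append(r"[^\\]*")
        elif ch == "?":
            out.append(r"[^\\]")
        else:
            out.append(re.escape(ch))
    return re.compile("".join(out), re.IGNORECASE)

def is_approved(entry, path):
    """True only if the entry is well-formed and covers the given file path."""
    return not check_entry(entry) and to_regex(entry).fullmatch(path) is not None

# Constructed sample entries; most come from the article's wildcard tables.
SAMPLES = [r"?:\Password.exe", r"C:\Program Files\*.*", r"C:\*",
           r"*:\Buffalo\Password.exe", r"C:\?\Password.exe", "Password.exe"]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(f"{entry!r:32} {check_entry(entry) or 'ok'}")
```

An entry such as C:\* passes validation yet covers every file placed directly under the drive root, so well-formed entries still deserve a review for breadth.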
Category:
Configure
Solution Id:
1098248