- Log on to the WFBS console.
- Navigate to Security Settings.
- Select a desktop or server group.
- Click Configure.
- Click Device Control.
- Update the following as required:
However, if AutoRun prevention is enabled, even if a file is included in the Approved List, it will still not be allowed to run.To add an exception to the Approved List, enter the file name including the path or the digital signature and click Add to the Approved List.Specifying a Digital Signature ProviderSpecify a Digital Signature Provider if you trust programs issued by the provider. For example, type Microsoft Corporation or Trend Micro, Inc. You can obtain the Digital Signature Provider by checking the properties of a program. (e.g: right-click the program and select Properties)Digital Signature Provider for the Trend Micro security agent program (PccNTMon.exe)Specifying a Program Path and NameA program path and name should have a maximum of 259 characters and must only contain alphanumeric characters (A-Z, a-z, 0-9). It is not possible to specify only the program name.You can use wildcards in place of drive letters and program names. Use a question mark (?) to represent single-character data, such as a drive letter. Use an asterisk (*) to represent multi-character data, such as a program name.Important: Wildcards cannot be used to represent folder names. The exact name of a folder must be specified.Correct Usage of Wildcards:
- Enable Device Control
- Enable USB Autorun Prevention
- Permissions: Set for both USB devices and network resources.
Device Control Permissions Permissions Files on the Device Incoming Files Full access Permitted operations: Copy, Move, Open, Save, Delete, Execute Permitted operations: Save, Move, Copy.
This means that a file can be saved, moved, and copied to the device.
Modify Permitted operations: Copy, Move, Open, Save, Delete
Prohibited operations: Execute
Permitted operations: Save, Move, Copy Read and execute Permitted operations: Copy, Open, Execute
Prohibited operations: Save, Move, Delete
Prohibited operations: Save, Move, Copy Read Permitted operations: Copy, Open
Prohibited operations: Save, Move, Delete, Execute
Prohibited operations: Save, Move, Copy No access Prohibited operations: All operations The device and the files it contains are visible to the user (for example, from Windows Explorer). Prohibited operations: Save, Move, Copy
- Exceptions: If a user is not given read permission for a particular device, the user will still be allowed to run or open any file or program in the Approved List.
Example Matched Data ?:\Password.exe The "Password.exe" file located directly under any drive. C:\Program Files\Microsoft\*.exe Any .exe file in C:\Program Files\Microsoft. C:\Program Files\*.* Any file in C:\Program Files that has a file extension. C:\Program Files\a?c.exe Any .exe file in C:\Program Files that has 3 characters starting with the letter "a" and ending with the letter "c". C:\* Any file located directly under the C:\ drive, with or without file extensions.Incorrect Usage of Wildcards: Example Reason ??:\Buffalo\Password.exe ?? represents two characters and drive letters only have a single alphabetic character. *:\Buffalo\Password.exe * represents multi-character data and drive letters only have a single alphabetic character. C:\*\Password.exe Wildcards cannot be used to represent folder names. The exact name of a folder must be specified. C:\?\Password.exe
- Click Save.
Need More Help?
Create a technical support case if you need further support.
Configuring Device Control of Worry-Free Business Security (WFBS)
- Worry-Free Business Security Standard/Advanced 8.0
- Worry-Free Business Security Standard/Advanced 9.0
- Windows 2003 Enterprise
- Windows 2003 Server R2
- Windows 2003 Small Business Server
- Windows 2003 Small Business Server R2
- Windows 2003 Standard
- Windows 2008 Enterprise
- Windows 2008 Essential Business Server
- Windows 2008 Server R2
- Windows 2008 Small Business Server
- Windows 2008 Standard
- Windows 2011 Small Business Server Essentials
- Windows 2011 Small Business Server Standard
- Windows 2012 Enterprise
- Windows 2012 Server Essentials
- Windows 2012 Web Server Edition
- Windows 7 32-bit
- Windows 7 64-bit
- Windows 8 32-bit
- Windows 8 64-bit
- Windows Vista 32-bit
- Windows Vista 64-bit
- Windows XP Professional
Thank you for your feedback!