
Understanding Device Control

Endpoint Central's Device Control provides a robust layer of security by restricting the use of unauthorized devices. This document covers the specifications of the agent processes and the core mechanisms behind Device Control, helping you understand how it safeguards your endpoints.

Specifications of Agent Processes

| Agent Process | Running Process Name | Bandwidth Consumption (Approximately) | CPU Consumption (Approximately) | Memory Consumption (Approximately) |
|---|---|---|---|---|
| Device Control Service | uesAgentService.exe | N.A. | 0 - 0.5% | 1 MB |
| Device Control Policy Processing | dcconfig.exe | 5 KB | 0 - 1% | 6 MB |
| Device Audit | uesDevCtrlSummary.exe | N.A. | 0-3% | 6 MB |
| File Audit Data Populator | uesFaDataPopulator.exe | N.A. | 5-10% | 12 MB |
| File Shadow | uesFileShadow.exe | N.A. | 0-1.4% | 1-1.5 MB |
| Component Upgrade | dcconfig.exe | 7.5 MB | 0-1% | 1 MB |
| File Audit | uesFauser.exe | N.A. | 0-1% | 2 MB |

Device Discovery: Data Scanning

After agent installation, a one-time scan is initiated. It identifies and gathers details about all connected devices. Once completed, the collected data is made available in the web console.

Policy Deployment: Agent-Server Synchronization

Policy Deployment

When a Device Control policy is created, it can be deployed using one of the following two options:

  • Deploy Immediately option: The policy is immediately pushed to and applied on agent machines that are currently online. For large CGs (over 200 machines), the policy is applied to 200 machines initially, with the rest following in the next refresh cycle.
  • Deploy option: The policy is scheduled for the next 90-minute refresh cycle.

Policy modifications, deletions, group changes, and unmanaged Device updates are synchronized with agent machines during refresh cycles. In environments with a Distribution Server, policies and configurations are replicated to the Distribution Server and then synchronized with agent machines during the 90-minute refresh cycle.

Policy Enforcement in Agent

The Device Control policy is received by the agent and enforced by the kernel-mode driver named dcfafilter. This driver monitors device connections and ensures that only authorized devices can be accessed according to the deployed policy. Audited and blocked device events are posted in the 90-minute refresh cycle.


Device Control Conflict Precedence

When conflicting policies are applied to the same target group, the following is the order of precedence:

  1. Allow Temporary Access
  2. Allow Trusted Devices
  3. Allow Device Policy
  4. Block Device

For example, if Removable Storage Devices are allowed by one policy and blocked by another policy, storage devices will work on the target machine.
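Because an allow always wins over a block under this order, a Block Device policy can be silently overridden. The following is an added example, not Endpoint Central code: it audits a list of policy assignments and reports every target where a block is overridden. The row layout, policy names and group names are constructed for illustration.

```python
from collections import defaultdict

# Order of precedence as listed on this page, highest first.
PRECEDENCE = ["Allow Temporary Access", "Allow Trusted Devices",
              "Allow Device Policy", "Block Device"]
RANK = {name: i for i, name in enumerate(PRECEDENCE)}


def effective_action(actions):
    """Return the action that wins among those applied to one target."""
    unknown = set(actions) - RANK.keys()
    if unknown:
        raise ValueError(f"unknown policy action(s): {sorted(unknown)}")
    return min(actions, key=RANK.__getitem__)


def shadowed_blocks(assignments):
    """Report (group, device class) targets where a Block Device policy is
    overridden by an allow. Rows: (policy, group, device_class, action)."""
    by_target = defaultdict(list)
    for policy, group, device_class, action in assignments:
        by_target[(group, device_class)].append((policy, action))
    findings = []
    for (group, device_class), entries in sorted(by_target.items()):
        winner = effective_action([a for _, a in entries])
        blocks = sorted(p for p, a in entries if a == "Block Device")
        if blocks and winner != "Block Device":
            findings.append({
                "group": group,
                "device_class": device_class,
                "effective": winner,
                "overridden_block_policies": blocks,
                "overriding_policies": sorted(p for p, a in entries if a == winner),
            })
    return findings


# Constructed sample rows (hypothetical policy and group names).
SAMPLE = [
    ("USB-Lockdown", "Finance", "Removable Storage Devices", "Block Device"),
    ("Eng-Storage", "Finance", "Removable Storage Devices", "Allow Device Policy"),
    ("USB-Lockdown", "Kiosks", "Removable Storage Devices", "Block Device"),
    ("Trusted-Keys", "Finance", "Bluetooth", "Allow Trusted Devices"),
]

if __name__ == "__main__":
    for finding in shadowed_blocks(SAMPLE):
        print(finding)
```

Each finding is a target where the block an administrator intended is not the effective outcome, so it is worth reviewing before the next refresh cycle applies it.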

Temporary Access Request Workflow

When a user requests access to an untrusted Device, a request is immediately sent to the server for administrator approval. Once approved, the device will be accessible to the user immediately.
