Yes, you can disable auto-play under the device access control settings. It is recommended to disable it when you are creating a policy to allow a particular device type so as to prevent automatic file launching when a device is connected.
Polices that are created and mapped to a computer but have not been deployed yet are called associated policies. While, polices that have been deployed successfully to the computers are called applied policies.
Device Control Plus supports Windows 7/Windows8/Windows 8.1/Windows 10 and Windows 11.
Device Control Plus works on set and forget policy and hence you do not have to worry about updating it frequently. Once you have created the policies to control the devices, all you have to do is just monitor your computers.
The audit log for blocked devices will be available in a report called 'Unauthorized Devices' which can be accessed from under the 'Reports' tab.
Device Control Plus allows you to view all the files that are transferred in and out of your network. However, you can view file transfers based on file extensions and file extension groups on the dashboard which displays the top five extensions that were frequently transferred in and out of your computer.
Device Control Plus will allow you to control the type of files and the size of files that can be transferred from your computer to a connected USB or peripheral device.
To receive blocked device details at server, you have to configure the Device audit settings wherein, you can specify the email IDs at which you want to receive the details. You may also enable or disable receiving reports for each and every policy based on your preference.
Yes, you can. You can grant temporary access to devices that are present both inside and outside your network.target machines based on system type such as laptops and desktops. You can also create a custom group with system type as criteria.
Consider an instance where you have create two different policies for the same computer. Let's assume that you have allowed USB devices in one policy and blocked in the other. Device Control Plus, the prioritizes device access levels in the following fashion : Allow devices > Allow trusted devices > Blocked devices.
Device Control Plus supports computers running on Windows and Mac operating systems.
The complete device and file activities list will be available in the reports section from anywhere after 6 to 24 hours of the action. However, you can receive the blocked device details immediately at server if you have configured the same.
There are a plethora of vulnerabilities that can be fixed by a software patch. But, in order to address cyber attacks due to removable media it is highly important to secure your endpoints from the port level. Device control plus allows you control, block and monitor the devices that connect to your endpoints.
Yes, Device Control Plus agents can be installed in endpoints by creating and deploying a package via SCCM. For detailed steps, refer here.
Navigate to 'Create Policy' > 'Removable Storage Device' > 'Advanced Settings.' Then click the option 'Allow access only for BitLocker encrypted devices.'
Create two policies for the device type 'Removable storage media.' One policy is for the all devices which need not be encrypted; they should be added to a trusted devices list. Another policy should be for just allowed devices and in 'Advanced settings,' the option for enabling access for only BitLocker encrypted devices should be selected. Save and associate both policies to the same custom group.
When an endpoint is included in multiple policies, the policies with Allow access will take precedence.
The order of priority when multiple file access settings policies are deployed to an endpoint is as follows, (from left, being high priority, to right, being low priority)
Allow Temporary Access > Allow Trusted Device > Allow Device policy > Block Device.
To revoke a policy, the endpoint should be excluded from the Custom Group. Thus, in the next refresh cycle (default interval - 90 mins) when the agent communicates with the server, the policy will be revoked for the specific endpoint.
When you block wireless devices, the managed computer(s) cannot access the internet via Wi-Fi. To access the network, the computer(s) with wireless block policy should be connected to the internet via LAN. To manage the computer(s) via Wi-Fi, the wireless block policy should be revoked from the said computer(s).