Tags
manually deploy Comodo EDR agent parent process multiple ticket selection selected tickets security events folder transfer discoveries network management remote folder TLS TLS1.2 pci dss pci compliance ITarian Portal Endpoint Manager vdi environment vdi clone environment instant clone documentation vendor notice security dashboard events resolution remote tool partner onboard itarian unknown file hunter TLS Encryption procedure parameters pass profiles history performance metrics real time remote endpoints download browse Subscriptions service URL Security Components system Global Software Inventory 2 minutes Integrate intagrate Active Directory Portable Interception SSL enable reporting Rule Threat Protection Rule Advance spam Customize archived outgoing incoming administrator validate domains add Antispam type PCI data loss Location Network information start software session extensions appoinments resource connection computers Comodo Rescue Disk infected opportunity opportunities custom relationship management quote COMODO-CRM protect mac device email notifications registry COM Quarantined point system restore msi contained applications processes security client events Release date department registration particular os section Two Factor Authentication Login interface dashboard report generate Direct Download Link One drive Google drive HIPS mode cleanup automatic suspicious suspicious certificates shellcode injection detect Elevated Access system user access default charging groups move current malware list store push IP address ip installer acronis auto-remediation server machine icon Product Logos Rebrand backup Device Control data Chromoting WebRTC ports Protocol skip offline manual time entries ticket assignee Help Guide Tour schedule Reschedule appointment unknown application protection virtual desktop Local Verdict server manage calculation cost configuration charging SD contract prepaid hours products classification inventory analyze Device list OS patches global search bar Tool bar Windows Defender Security Center file group white Citrix record SPF work billable time onsite email template template variables emails Gmail SMTP disable Add collaborators admin action Audit logs feature requests submit vote remotely Reset proxy swg secure web gateway dome error disk ticket detail page thread section tickets section internal notes Sub-help topic help topic features Application control white_list Patch Management child parent scheduled customized get to headers columns company restrict customer technician remote access list iOS devices field Reports iOS device APN Certificate MAC OS X options Linux block Comodo Client Communication (CCC) allow Comodo Client Security (CCS) network zones active component tray icon hide show packages additional install block port baseline installation package bulk implement restrict firewall endpoints security and communication global export virus import Database folders files define exclusions change staff admin rating check reassign assign permissions new role create for user of device enroll associated use how profile specific Removing Devices Uninstall windows profile Configuration templates latest version clients comodo file ratings monitoring script procedure custom All Devices Ratings Track widgets Agent valkyrie malware files Kill chain report automated establishing endpoint remote session Users prevent Android organization windows assets Mac OS billing identified threats Sort Closed inside Program executed containment service desk remote control Locally runs update scan antivirus SLA Business Hours control CCS Password access Client Auto Specific Device Response Application Third party Status View Logs intended devices alert fails Company Information Configure Verdict Patch Procedures Executable Comodo Internet Security ITSM Analysis Command Line Heuristic Filter Unrecognized Trusted File Rate Malicious Purge Calendar Device Exclusion USB Admin Panel Settings ticket Default system-wide Specific Path Details Monitor Multi Set Currency Connected Who Quick Actions Comparison Version Enterprise Managed Service Provider C1 Portal Remote management Comodo Remote Control ticket management staff panel assign tickets
More

How to restrict the external devices connected to the endpoints

Release Time
05/31/2018
Views
861 times
Category
Devices
Tags

INTRODUCTION:

ITarian provides the ability to control external device control. The “External devices control” profile section, allows you to block a different kind of external devices such as USB drives, Bluetooth devices, printers, and serial and parallel ports at the endpoints. Thus, it blocks every device that is mentioned in the control of the blocked devices. Admin can block list of devices while allowing particular external devices.

Please refer below steps to restrict required external devices:

STEP 1: Go to “Configuration Templates” ---> “Profiles”, Select the preferred profile from the list, to which you add the exclusions to the external devices.

STEP 2: Select the "External Devices Control" from the "Add Profile Section" drop-down list in the selected profile.

Now you can see the detailed Information about the external devices control.

The options in "External Devices Control" are explained below:

Enable Device Control - Only after enabling this option, we can block device of a client computer from accessing devices such as USB drives, Bluetooth devices, printers, serial ports and parallel ports .

Log detected devices - Enable this to get the logs generated. The logs will be available at "Security Sub-Systems" → "Device Control", where you can ensure whether the device is "Allowed" or "Blocked" from its status .

Show notifications when devices disabled or enabled - This option will be used to show up the notification in ITarian portal when the devices are disabled or enabled by using the external device control.

Blocked Device classes - This option will be used to manage the list of device classes to which you want to block the access of the external devices at the endpoints. For example- USB - Mass storage devices, Optical devices.

Exclusion - This option will be used to manage the list of device classes to which you want to allow the access to the external devices.  For example- Device custom name = "DESKTOP-IF9975O", Device ID = “USBSTOR\DiskHUAWEI__*”.


STEP 3: Select the "Blocked Device classes", Then click on the Add button for adding the device classes in the external device control profile.

Now, you can see the list of device class and class ID.

The available device classes are explained below:

USB storage device -The USB mass storage device class is a set of computing, communications protocols that make a USB device access to a host computing device and enables file transfers between the host and the USB device. To a host, the USB device acts as an external hard drive.

Human interface device-A human interface device or HID is a type of computer device usually used by humans that takes input from humans and gives output to humans.

Floppy Disks -A floppy disk is a type of disk storage composed of a disk of thin and flexible magnetic storage medium, sealed in a rectangular plastic enclosure lined with fabric that removes dust particles. Floppy disks are read and written by a floppy disk drive (FDD).

1394 FireWire devices - 1394 FireWire devices are an interface standard for a serial bus for high-speed communications and isochronous real-time data transfer.

IDE ATA ATAPI controllers -IDE ATA ATAPI controllers are an interface standard for the connection of storage devices such as hard disk drives, floppy disk drives, and optical disc drives in computers.

Tape drives -A tape drive is a data storage device that reads and writes data on a magnetic tape. Magnetic tape data storage is typically used for offline, archival data storage.

CD / DVD drives - CD / DVD drives are a type of computer disk drive that reads and writes data from optical disks through laser beaming technology. This type of drive allows a user to retrieve, edit and delete the content from optical disks such as CD's, DVD's and Blu-ray disks.

Printing devices -A printer is a device that accepts text and graphics output from a computer and transfers the information to paper, usually to standard size sheets of paper.

PCMCIA - A PCMCIA card is a credit card-size memory or I/O device that connects to a personal computer, usually a notebook or laptop computer.

Imaging devices - Imaging devices are typically used to send photos to a PC which include digital still cameras (DSC's) and digital camcorders with embedded wireless LAN (WLAN) or wireless WAN digital cellular connections.

Infrared devices - Infrared devices is the use of wireless technology in devices or systems that convey data through infrared (IR) radiation.

Bluetooth devices - Bluetooth is a wireless technology standard for exchanging data over short distances using short-wavelength radio waves in the ISM band from 2.4 to 2.485 GHz) from fixed and mobile devices, and building personal area networks (PAN's)

SCSI - SCSI is most commonly used for hard disk drives and tape drives, but it can connect a wide range of other devices, including scanners and CD drives, although not all controllers can handle all devices.

Modem - A modem is a hardware device that allows a computer to send and receive data over a telephone line or a cable or satellite connection.

Smart card readers -A smart card reader is an electronic device that reads smart cards and can be found on the Some keyboards and internal drive bay.

Ports - A ports generally refer to the part of connection available for connection between one computer to peripherals like input and output. It has many uses, to connect a monitor, webcam, speakers, or other peripheral devices.

Network adapters - A network adapter is the component of a computer’s internal hardware that is used for communicating over a network with another computer. It can be used over a wired or wireless network.

Biometric - A Biometric device is a security identification and authentication device. Such devices use automated methods of verifying or recognizing the identity of a living person based on a physiological or behavioral characteristic.

Disk drives - A disk drive is a device for implementing a storage mechanism. Notable types are the hard disk drive containing a non-removable disk, the floppy disk drive and its removable floppy disk, and various optical disc drives and associated optical disc media.

Storage volumes - A storage volume is a single accessible storage area with a single file system, typically (though not necessarily) resident on a single partition of a hard disk. Although a volume might be different from a physical disk drive, it can still be accessed with an operating system's logical interface.

Portable devices - Portable devices are a computing device small enough to hold and operate with the hand. Typically, any handheld computing device will have an LCD flat screen interface, providing a touch screen interface with digital buttons and keyboard or physical buttons along with a physical keyboard.

STEP 4:  Select the equivalent check box for the Device class and its class id as per your needs and then click the "OK" button.
For example: Select USB storage devices, Printing devices, and Portable devices

Now you can see the detailed information of blocked device classes as below. 

Step 5: Click "Save" option, the External Devices Control has been successfully created with mentioned blocked device.

For example: USB storage devices, Printing devices, and the portable devices are created.

 

Step 6: To delete the device classes, select the equivalent check box of the device class and click "Delete" button.

 

Step 7: You can ensure whether the devices are blocked or allowed by clicking "Security Sub-Systems" → "Device Control".

The status of the hardware tells whether it is allowed or blocked.

For example: SanDisk Cruzer Blade USB Device and Redmi Note 5 Pro have status as "Blocked".

Note: This setting will be applied to the endpoints only when the profile is added to that particular endpoint.