How Device Control block devices - WithSecure Community
<main>
<article class="userContent">
<p> </p>How Device Control block devices <p>This article applies to the following F-Secure products: Client Security, Policy Manager, PSB Portal and Computer Protection. </p> <p><strong>Hardware Identifiers</strong> </p> <div>In Windows, every device has a few sets of properties that can be used to identify the device or the class of the device. In the table below the properties are ordered by specificity from most specific to general. <div><table><colgroup><col></col><col></col></colgroup><tbody><tr><td><strong>Property</strong> </td> <td><strong>Description</strong> </td> </tr><tr><td>Device ID </td> <td>A device has only one device ID that is the most specific ID for a device. </td> </tr><tr><td>Hardware IDs </td> <td>A device can have multiple hardware IDs. They are also ordered by specificity. </td> </tr><tr><td>Compatible IDs </td> <td>List of general IDs for all devices of the same kind. </td> </tr><tr><td>Class </td> <td>A single GUID of device interface class. Every device has only one class. This is a registry key under <pre class="code codeBlock" spellcheck="false" tabindex="0">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class</pre> where device information are stored. There are list of common classes but some devices generates unique class. <p>For a list of universal Class IDs, click <a rel="nofollow" href="https://msdn.microsoft.com/en-us/library/windows/hardware/ff553426(v=VS.85).aspx">here</a>. </p> </td> </tr></tbody></table></div> </div> <p><strong>The algorithm</strong> </p> <div> <ol><li>Device Control subscribes to the system notification about hardware configuration changes. </li> <li>When configuration changed, Device Control enumerates all devices. </li> <li>For every device identifier checked starting from Device ID down to Class GUID. </li> <li> If matching rule found Device Control check the Access Level from the rule. </li> <li> If rule has <strong>Full access/Allow</strong> and device is blocked - Device Control remove block (enable the device). </li> <li>If rule has <strong>Blocked</strong> access level and device id not blocked - Device Control blocks (disable) the device. </li> <li>If access level match the current state of the device then no action is performed. </li> </ol></div> <p><strong>Alerts</strong> </p> <div> <ul><li>When the device is blocked for the first time, a flyer notification is shown to the current user. </li> <li>Policy Manager administrator gets the alert every time when the device is blocked. </li> </ul></div> <div id="related"> <strong>Related information</strong> <ul><li><a rel="nofollow" href="https://community.f-secure.com/common-business-en/kb/articles/5533">Device Control overview </a></li> <li><a rel="nofollow" href="https://community.f-secure.com/common-business-en/kb/articles/5517">Blocking device access using predefined rules </a></li> <li><a rel="nofollow" href="https://community.f-secure.com/business-suite-en/kb/articles/5637">Getting Hardware ID for a device </a></li></ul></div> <br>
</article>
</main>