Device control (Windows computers)

Popular devices such as USB flash drives, CD/DVD drives, imaging and Bluetooth devices, modems, and smartphones can become a gateway for infections.

The device control feature enables you to control the behavior of protected Windows computers when they connect to a removable or mass storage device. You can select the device or devices you want to authorize or block, and specify their usage.

Enabling device control

  • Enable the Enable device control toggle.

  • For each type of device, specify the authorized use.

    • In the case of USB flash drives and CD/DVD drives, you can choose among Block, Allow read access, or Allow read & write access.

    • The options available for Bluetooth and imaging devices, USB modems, and smartphones are Allow and Block.

Allowed devices

This section enables you to configure an allowlist of specific devices you want to allow despite belonging to a blocked device category.

  • Click the icon in the Allowed devices section to show a list of all devices connected to the computers on your network.

  • Select those devices you want to exclude from your previously configured general blocking rules.

  • Use the button to delete existing exclusions.

Exporting and importing a list of allowed devices

Use the Export and Import options available from the context menu .

Determining a device unique ID

To manage a specific device without having to wait for a user to connect it to their computer, or to exclude it manually, you need to determine the device ID:

  • Open Windows Device Manager. Select the device you want to obtain the ID for. Right-click the device name and select Properties.

  • Select the Details tab.

  • From the Property drop-down list, select Device Instance Path. The Value box displays the device unique ID.

If no value appears in Device Instance Path, you are not able to obtain the device ID. You can instead use the Device Hardware ID to identify it:

  • To display the Device Hardware ID, from the Property drop-down list, select Hardware IDs.

A device Hardware ID does not identify it uniquely. It identifies all devices of the same hardware type.

In a text file, add the IDs of the devices you want to allow, as indicated in Exporting and importing a list of allowed devices

Renaming devices

The name assigned to a computer’s devices by Advanced EDR can sometimes lead to confusion or prevent you from correctly identifying them. To resolve this issue, you can assign custom names to devices:

  • From the Allowed devices section, select the device you want to rename.

  • Click the icon. A window appears requesting you to enter a new name for the device.

  • Click OK. The Allowed devices list is updated with the new name.