Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EPP
In the Device Control settings of a workstations and servers settings profile, you can control the behavior of protected Windows computers when they connect to a removable or mass storage device. You can select the device or devices you want to authorize or block, and specify their usage.
To configure device control:
- In WatchGuard Cloud, select Configure > Endpoints.
- Select Settings.
- From the left pane, select Workstations and Servers.
- Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
The Add Settings or Edit Settings page opens. - Enter a Name and Description for the profile, if required.
- Select Device Control.
- Enable the Enable Device Control toggle.
- For each type of device, specify the authorized use.
- Removable Storage Drives and CD/DVD Drives:
- Block – Computer cannot connect to the drive.
- Allow read access – Computer can read the drive.
- Allow read & write access – Computer and read and write to the drive.
- Bluetooth Devices, Mobile Devices, Imaging Devices, and Modems:
- Allow – Computer can connect to the device.
- Block – Computer cannot connect to the device.
- In the Allowed Devices section, add devices that you want to allow usage of with no restrictions.
- Click
.
The Add Devices dialog box opens. - Select the devices and computers you want to add to the allowlist.
- Click Add.
- Click
- To import a list of computers, click the options
menu, and select Import.
For information on how to create a list of device IDs to import, see Determine the Device Unique ID. - To prevent confusion, you can assign a custom name for a device.
- In the Allowed Devices list, select the computer or device.
- Click
. - Type a new name and click OK.
- Click Save.
- Select the profile and assign recipients, if required.
For more information, see Assign a Settings Profile.
