In this section, you can configure restrictions to access to certain devices or device buses and configure black and white lists.
|
Hardware access settings are applied for all Windows accounts. |
Figure 28. Devices lock settings
Devices
To block access to data on removable media (USB flash, floppy, CD/DVD, ZIP drives, etc.), enable the appropriate option. To block sending jobs to printers, enable the Block sending jobs to printers option. This option is disabled by default. You can also block data transfer over network (LAN and the Internet).
Infected USB devices can be identified by your computer as a keyboard. If you want Dr.Web to check whether the connected USB device is a keyboard, enable the Notify on BadUSB vulnerable devices detected as a keyboard option.
Device classes and buses
This function allows to block one or several device classes on all the buses and also to block all the devices connected to one or several buses. Device classes are all devices that perform the same functions (e.g., printing devices). Device buses are communication subsystems for transferring data between functional units of the computer (for example, the USB).
To block access to specified device classes or buses, enable the appropriate option. Click the Edit button to make a list of such objects. In the open window, you can select device classes or buses that you want to restrict access to.
Configuration of the list of blocked device classes
1.To block access to the device class completely, click 
in the Blocked classes column.
2.In the open list, select the classes you want to block and click OK. The selected device classes will be blocked on all device buses. Only the classes that are not blocked are listed.
3.To unblock the device class, in the Device classes and buses window, select the necessary class and click 
.
To configure the list of blocked device buses
1.To block the entire bus or some devices on the device bus click in the Blocked device buses column.
2.In the open window, select necessary device classes. To block the entire bus, select all classes in the list. Click OK.
3.To unblock the bus, in the Device classes and buses window select the bus and click .
4.To edit the list of blocked classes on a specific bus, click 
.
|
To block the device connected before the function activation, it is required to reconnect the device or to reboot the system. The access blocking function affects only devices connected after its activation. |
White list of devices
After you restricted access to some device classes or buses, you can allow access to certain devices by adding them to the white list. You can also add a certain device to the white list if you do not want it to be checked for BadUSB vulnerability.
To add a device to the white list
1.Enable the option White list of devices (the option becomes available if restrictions are set).
2.To configure the list of devices, click Edit.
3.Make sure that the device is connected to the computer.
4.Click . In the open window, click Browse and select the device. You can use a filter to view only connected or only disconnected devices in the table. Click OK.
5.You can configure access rules for devices with file systems. For that, from the Rule column, select one of the following modes: Allow all or Read-only. To add a new rule for a specific user, click . To delete a rule, click .
6.To save the changes, click OK. To close the window without saving the changes, click Cancel. The white list of devices opens.
7.To edit a rule set, select it from the list and click .
8.To remove a rule set, select it from the list and click .