Device Control
The Device Control module allows preventing the sensitive data leakage and malware infections via external devices attached to endpoints, by applying blocking rules and exclusions via policy to a vast range of device types.
Note
This module is available for:
Windows for workstations
Windows for servers
macOS
Important
For macOS, Device Control relies on a system extension, which requires user's approval on endpoint.
The system notifies the user that a system extension from Bitdefender was blocked. User can allow it from Security & Privacy preferences. Until the user approves the Bitdefender system extension, this module does not work and the BEST user interface shows a warning message.
To eliminate user intervention, you can pre-approve the Bitdefender extension by whitelisting it using a Mobile Device Management tool. See details about Bitdefender extensions.
To use the Device Control module, you need at first to include it in the security agent installed on target endpoints, then to enable the Device Control option in the policy applied to these endpoints.
After that, each time a device is connected to a managed endpoint, the security agent will send information regarding this event to Control Center, including the device name, class, ID and the connection date and time.
In the following table, you can find the types of devices supported by Device Control on Windows and macOS systems:
Device Type | Windows | macOS |
|---|---|---|
Bluetooth | Yes | Yes |
CD-ROM Drive | Yes | Yes (optical) |
Floppy Disk Drive | No | No |
IEEE 1284.4 | No | No |
IEEE 1394 (FireWire) | No | Supported on macOS versions before Big Sur |
Imaging | Yes | Phones with PTP connection, built-in camera |
Modem | No | No |
Tape Drive | No | No |
Windows Portable | Yes | Phones wth MTP connection |
COM/LPT Ports | No | No |
SCSI Raid | No | No |
Printers | Yes | Only printers locally connected |
Network Adapter | Yes | Yes |
Wireless Network Adapter | Yes | Yes |
Internal Storage | Yes | No |
External Storage | Yes | Yes (Thunderbolt supported on macOS versions before Big Sur) |
Note
On macOS, if the Custom permission is selected for a specific device class, only the permission configured for the Other subcategory will apply.
On Windows and macOS, Device Control allows or denies access to the entire Bluetooth adapter at the system level, according to the policy. There is no possibility of setting granular exclusions per paired device.