Skip to main content

Device Control

The Device Control module allows preventing the sensitive data leakage and malware infections via external devices attached to endpoints, by applying blocking rules and exclusions via policy to a vast range of device types.


This module is available for:

  • Windows for workstations

  • Windows for servers

  • macOS


For macOS, Device Control relies on a system extension, which requires user's approval on endpoint.

The system notifies the user that a system extension from Bitdefender was blocked. User can allow it from Security & Privacy preferences. Until the user approves the Bitdefender system extension, this module does not work and the BEST user interface shows a warning message.

To eliminate user intervention, you can pre-approve the Bitdefender extension by whitelisting it using a Mobile Device Management tool. For details about about Bitdefender extensions, refer to Bitdefender system extension blocked in macOS.

To use the Device Control module, you need at first to include it in the security agent installed on target endpoints, then to enable the Device Control option in the policy applied to these endpoints. After that, each time a device is connected to a managed endpoint, the security agent will send information regarding this event to Control Center, including the device name, class, ID and the connection date and time.