Skip to main content

Using Device Control

This section provides information on how to use the Device Control module from the GravityZone Control Center.

Enable Device Control

To use Device Control, install the module on the endpoint and enable it in the policy applied to the endpoint.

For more information on how to install Device Control, refer to the installation section.

To enable Device Control on endpoints, follow these steps:

  1. Log in to GravityZone Control Center.

  2. Go to the Policies page from the left side menu.

  3. Find the policy you are interested in and click its name to open it.

  4. Go to the Device Control section.

  5. Select the Device Control check box.

  6. Click Save.

By default, Device Control allows all devices to connect to the endpoints. Therefore, to properly protect your endpoints you should configure the rules.

Configure Rules

Once Device Control is enabled, you can set up rules that determine whether a type of devices is allowed on your network or not. Follow these steps to set up rules:

  1. Select the type of device you want to set up from the Device Classes grid.

  2. Select the permission from the drop-down list. You can choose between Allowed, Blocked, or Custom.

  3. If you have selected the Custom option, you can set up permissions for a variety of sub-classes. For each sub-class, choose from the drop-down list between Allowed and Blocked.

  4. Click Save.

Create Exclusions

Access the Exclusions section to add exceptions for devices available in your network . By adding exclusiond you allow certain devices to become accesible in your network.

To start adding exclusions click the Add button and select from the drop-down the way in which you want to start adding the exclusions.

  1. Select Manually to open the Add Exception window.

  2. Select the type of exception, Device ID or Product ID.

  3. Optionally, you can configure wildcard exclusions based on Device ID by using the wildcards:deviceID syntax.

    Use the question mark (?) to replace one character, and the asterisk (*) to replace any number of characters in the deviceID.

    For example, for wildcards:PCI\VEN_8086*, all devices containing the string PCI\VEN_8086 in their ID will be excluded from the policy rule.

  4. Click Save.

From Discovered Devices
  1. Select Add Exception from Discovered Devices from the drop-down list. This window displays all devices from endpoints with Device Control enabled.

  2. Select the devices you want to exclude.

  3. Click Save