Skip to main content

ON PREMISES SOLUTIONS

Operation

Use Device Control in GravityZone

This section provides information on how to use the Device Control module from the GravityZone control center.

Bitdefender GravityZone provides full visibility into organizations’ overall security posture, global security threats, and control over its security services that protect virtual or physical desktops, servers and mobile devices. All Bitdefender Enterprise Security solutions are managed within the GravityZone through a single console, Control Center, that provides control, reporting, and alerting services for various roles within the organization.

Install/Enable the Device Control

The Device Control module must be installed on the endpoint.

To install it on a fresh endpoint, when creating the installation package, check the Device Control box, and Save.

9905_1.png

The package, which can be used for manual and remote installs, will now install the Device Control module as well.

If BEST is already installed on the endpoint without the Device Control module, to install it from the GravityZone Control Center:

  1. Select the endpoint and right click Tasks > Reconfigure Client.

  2. Select the Device Control check box (along with the other modules that you want to install or keep on the endpoint).

Rules

With the Device Control is up and running, you can start setting it up from the GravityZone Control Center policies.

  1. Turn the module ON or OFF from Device Control > Rules.

    9905_2.png

  2. Select the type of device you want to set up from the Device Classes grid, and set its permission to Allowed, Blocked, or Custom.

    9905_3.png

    1. Choosing the Custom option will enable you to further set up permissions for variety of sub-classes.

      9905_4.png
Exclusions

Access the Exclusions section to add exceptions for devices available in your network.

9905_5.png

The exclusions can be added Manually or From Discovered Devices:

Manual exclusions:

  1. Click the Add button and select Manually to open the Add Exception window.

    9905_6.png

  2. Select the type of exception, Device ID or Product ID.

    9905_8.png

  3. Optionally, you can configure wildcard exclusions based on Device ID by using the wildcards:deviceID syntax.

    1. Use the question mark (?) to replace one character, and the asterisk (*) to replace any number of characters in the deviceID.

      For example, for wildcards:PCI\VEN_8086*, all devices containing the string PCI\VEN_8086 in their ID will be excluded from the policy rule.

Discovered Devices exclusions:

  1. Click the Add button and select From Discovered Devices to open the Add Exception from Discovered Devices window.

    9905_9.png

    This window contains all of the discovered devices from the machines which currently run BEST with the Device Control module installed and enabled.

  2. Select the devices you want added as exceptions and Save.

Install/Enable the Device Control

The Device Control module must be installed on the Endpoint. To install it on a fresh machine, when creating the installation package, check the Device Control box > Save. The package, wich can be used for manual and remote installs, will now install the Device Control module as well.

9905_1.png

If BEST is already installed on the machine without the Device Control module, to install it, from the GravityZone Control Center, select the machine in question -> right click > Tasks -> Reconfigure Client -> check the Device Control box (along with the other modules that you want to install or keep on the machine).

Introduction

Now that the Device Control is up and running on the machine, it can be configured from the GravityZone Control Center policies.

From Device Control -> Rules, the module can be turned ON or OFF (this checkmark does not uninstall the module).

9905_2.png

When selecting one of the Device Classes, the permission on it can be modified to Allow and Deny.

9905_3.png

Some of the Device Classes have a Custom option which allow you to Allow or Deny a number of subclasses.

9905_4.png

From the Device Control -> Exclusions tab, exceptions can be added for the devices from the network.

9905_5.png
How to add Exclusions

The exclusions can be added Manually or From Discovered Devices:

Manual exclusions:

Click on the Add button (from the upper-middle part of the screen) -> Manually and Add Exception window will appear.

9905_6.png
9905_7.png

The exception Type can added for Device ID or Product ID.

9905_8.png

Note

You can manually configure wildcard exclusions based on Device ID, by using the syntax wildcards:deviceID. Use the question mark (?) to replace one character, and the asterisk (*) to replace any number of characters in the deviceID. For example, for wildcards:PCI\VEN_8086*, all devices containing the string PCI\VEN_8086 in their ID will be excluded from the policy rule.

Discovered Devices exclusions:

Click on the Add button (from the upper-middle part of the screen) -> From Discovered Devices and a Add Exceptions from Discovered Devices window will appear. This window contains all of the discovered devices from the machines which currently run BEST with the Device Control module installed and enabled.

9905_9.png

Select the device(s) that need to be added as exceptions and Save.

In this section: