From version 6.0, Endpoint Protection incorporates a Device Control technology. This technology protects computers against malware coming from external devices, and increases productivity by preventing improper use of those media.
The Device Control technology allows network administrators to improve productivity by enforcing policies (deny access, force read-only access, etc.) on multiple device types (USB flash drives, digital cameras, DVDs and more). These policies are defined for each PC. Blocked actions will be shown in the Endpoint Protection reports.
The Device Control protection is disabled by default. If the administrator wants to use it, they must enable it through the administration console.
This feature lets administrators restrict users from connecting and using a variety of external devices.
These are the available options for each device type:
Block all actions.
Allow read access.
Allow read & write access.
If the protection detects that you have connected a device not allowed for the computer's security profile, a warning is displayed informing you that you do not have permission to access it.
The connected device appears in the My Computer directory, but a warning message is displayed if you double-click it. The warning message will indicate that you do not have permission to write to it.