Configure Device Control (Windows Computers)

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EPP

In the Device Control settings of a workstations and servers settings profile, you can control the behavior of protected Windows computers when they connect to a removable or mass storage device. You can select the device or devices you want to authorize or block, and specify their usage.

Screen shot of WatchGuard Endpoint Security, Device Control settings

If the device you want to configure does not show in the Add Devices dialog box. You can import the device ID to enable usage. For more information, go to Determine the Device Unique ID.

To configure device control:

  1. In WatchGuard Cloud, select Configure > Endpoints.
  2. Select Settings.
  3. From the left pane, select Workstations and Servers.
  4. Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
    The Add Settings or Edit Settings page opens.
  5. Enter a Name and Description for the profile, if required.
  6. Select Device Control.
  7. Enable the Enable Device Control toggle.
  8. For each type of device, specify the authorized use.
  9. Screen shot of WatchGuard Endpoint Security, Device Control authorized usage 

    • Removable Storage Drives and CD/DVD Drives:
      • Block – Computer cannot connect to the drive.
      • Allow read access – Computer can read the drive.
      • Allow read & write access – Computer and read and write to the drive.
    • Bluetooth Devices, Mobile Devices, Imaging Devices, and Modems:
      • Allow – Computer can connect to the device.
      • Block – Computer cannot connect to the device.
  10. In the Allowed Devices section, add devices that you want to allow usage of with no restrictions.
    Only devices that are connected to the computer show in the list. If the device you want to select is not in the list, you can manually import the device ID. For more information, go to Determine the Device Unique ID.
    1. Click The Add icon..
      The Add Devices dialog box opens.
    2. Select the devices and computers you want to add to the allowlist.
    3. Click Add.
  11. To import a list of computers, click the options menu, and select Import.
    For information on how to create a list of device IDs to import, see Determine the Device Unique ID.
  12. To prevent confusion, you can assign a custom name for a device.
    1. In the Allowed Devices list, select the computer or device.
    2. Click The Edit icon..
    3. Type a new name and click OK.
  13. Click Save.
  14. Select the profile and assign recipients, if required.
    For more information, go to Assign a Settings Profile.

Related Topics

Manage Settings Profiles