This feature helps you to authorize all USB Devices and system internal devices (Example: Bluetooth, Webcam). Authorized devices can be allowed or blocked at EPS client system when configured though policy. This authorization must be done for every USB storage device to manage the devices in the EPS environment.
Cleaning USB device
Before adding a device to the Device Control tool (dcconfig tool), clean the disk.
To clean the disk, follow these steps:
- Connect the device.
- On the command prompt, type the following commands one by one:
diskpart
list disk
Select disk <#>
clean
convert mbr - After clean up, create partition on the disk.
Now the disk is ready to be added.
Viewing details of devices
To view details of devices, follow these steps:
- Log on to the Seqrite Endpoint Security Web console.
- Go to Admin Settings > Server > Manage Devices.
A list appears which contains devices which can be added to the device exceptions in Device Control settings.
The list displays the following details of the devices:
Fields | Description |
---|---|
Device Name | Displays the device name. |
Device Type | Displays the device type of the device. |
Endpoint Name | Displays the name of the endpoint. |
Serial Number | Displays the serial number of the device. |
Model Name | Displays the model name of the device. |
Encryption Status | Displays one of the following encryption type of the devices, · Not encrypted · Partially encrypted · Fully encrypted |
Authorized | Displays status of the encryption, whether Yes / No |
Adding device where EPS client is installed/ not installed
To add the device where EPS client is installed/ not installed, follow these steps:
- Log on to the Seqrite Endpoint Security Web console.
- Connect the clean device.
- Go to Admin Settings > Server > Manage Devices.
- Select Add Devices > USB Devices. Add Device dialog appears.
- Click the link click here to download Device Control package.
- Extract the zip file DEVCTRL.7Z.
- From the devctrl folder, double click the dcconfig.exe file.
- The device details appears in the Device control dialog. In the Device name box, enter device name.
- To authorize the device, do one of the following:
- If you are using the system where the EPS client is installed, the available encryption options are:
- No encryption
- Partial encryption
- Full encryption
- If you are using the system where the EPS client is not installed, encryption is not available.
- To apply the encryption, refer the following table:
- If you are using the system where the EPS client is installed, the available encryption options are:
Encryption | Action |
---|---|
No | · Clear the Make this device accessible only within your corporate network check box. This is selected by default. · Clear the Encrypt this device check box. |
Partial | · Select the Make this device accessible only within your corporate network check box. This is selected by default. · Clear the Encrypt this device check box. |
Full | · Select the Make this device accessible only within your corporate network check box. This is selected by default. · Select the Encrypt this device check box. · When you apply the full encryption, Format window appears. Format the device. |
- Click Save to File. A file dcinfo.dat is created.
- Save dcinfo.dat file in the devctrl folder.
- Go to Admin Settings > Server > Manage Devices.
- Select Add Devices > USB Devices. Add Device dialog appears.
- Click Browse and upload file dcinfo.dat.
- Click Apply.
The device is added to the device exceptions and appears in the list.
Adding device in the dcconfig tool through Admin folder
To add device in the dcconfig tool through Admin folder
- Connect the clean device.
- On the Seqrite Endpoint Security server, browse to the folder “
\Seqrite\Endpoint Security 7.60\Admin” - Double click dcconfig.exe file. Device Control dialog appears.
- Click Retrieve button to view the details of the device attached.
- The device details appears in the Device control dialog. In the Device name box, enter device name.
- To authorize the device, the available encryption options are:
- No encryption
- Partial encryption
- Full encryption
To apply the encryption, refer the following table:
Encryption | Action |
---|---|
No | · Clear the Make this device accessible only within your corporate network check box. This is selected by default. · Clear the Encrypt this device check box. |
Partial | · Select the Make this device accessible only within your corporate network check box. This is selected by default. · Clear the Encrypt this device check box. |
Full | · Select the Make this device accessible only within your corporate network check box. This is selected by default. · Select the Encrypt this device check box. · When you apply the full encryption, Format window appears. Format the device. |
- Click Add.
Partial encryption supports only NTFS. No encryption and full encryption support all the file systems.
Adding exceptions to the device control policy
You can add exceptions for removable devices that are used by authorized persons so that the devices are excluded from the policy.
- Log on to the Seqrite Endpoint Security Web console.
- Go to Admin Settings > Server > Manage Devices.
-
Select the device category from the Add Device**s** drop down list. The following device categories are displayed:
- Network Device: A list of devices connected to the network is automatically displayed. Select the devices that you want to manage. Click OK.
- USB Devices: Use this option if you want to add a USB device that is not in the Network Device list and not connected.
-
USB by Model: Use this option. If your organization has a large number of USB storage devices of the same make and model. You can add these USBs by model name. The Add device by Model Name dialog box appears. Enter the Device Name. Select a mode from the Add Model Name list box. The following modes are displayed:
- Automatically: The device model name is automatically displayed if a USB mass storage device is attached to the Windows operating system.
- Automatically fetching of model name is not supported on Mac operating system.
- From the list: A list of pre-specified device model names appears. Select a model name from the list.
- Manually: Enter Model Name. Follow the procedure mentioned on the dialog box.
If same USB storage device is authorized as USB Device and USB by Model, the priority will be given to the Model name.
- Automatically: The device model name is automatically displayed if a USB mass storage device is attached to the Windows operating system.
- USB by Serial Number: Use this option to add the USB by serial number without connecting the USB. The Add device by Serial Number dialog box appears. Enter the Device Name. Enter the Serial Number. Click OK.
- Other devices: Use this option if you want to add a device that is not connected, and not in the list. Select the device type and enter the corresponding details for that device.
-
Select the devices that you want to manage from the displayed list and click OK.After the device appears in the list, toggle the button under Authorized to Yes or No as required. You can also use the Edit icon that appears to change the device name as it appears or use the Trash box icon to delete the device from the list.
If you set the device authorized permission to ‘No’, then that device cannot be added to the exceptions list.
- To add the device to the exceptions list, go to Settings > Client Settings > Advanced Device Control.
- Click Exceptions.
- Click Add. The Managed Devices dialog box displays the list of authorized devices.
- Toggle the Add to Exceptions button for that device.
- Click OK.
- Click Yes on the Managed Devices confirmation dialog box. The device is now added in the list of exceptions.To delete a device, select the device, and then click the Trash icon that appears.
- Set the access permissions as required.
- Click Save Policy.
- In case you are accessing Web console on Windows Vista, turn off the ‘Protected Mode’ option in Internet Explorer.
- If you are unable to add devices through the Web console, you can also use the Device Control Tool to add USB Storage devices. This tool is available at the following location on the EPS Server:
\Admin\dcconfig.exe - Add device functionality will not work with Edge browser on Windows 10 operating system and on Google Chrome 44 and later versions.