Frequently Asked Questions

These are the questions asked during Device Control Plus Training

  1. Is it possible to disable the Auto-Play feature? How?

    Yes, you can disable auto-play under the device access control settings. It is recommended to disable it when you are creating a policy to allow a particular device type so as to prevent automatic file launching when a device is connected.

  2. What is the difference between associated policy and applied policy?

    Polices that are created and mapped to a computer but have not been deployed yet are called associated policies. While, polices that have been deployed successfully to the computers are called applied policies.

  3. What versions of windows does Device Control Plus support?

    Device Control Plus supports Windows 7/Windows8/Windows 8.1 and Windows 10.

  4. How to stay current with Device Control Plus?

    Device Control Plus works on set and forget policy and hence you do not have to worry about updating it frequently. Once you have created the policies to control the devices, all you have to do is just monitor your computers.

  5. How to get the reports of audit log for blocked devices? 

    The audit log for blocked devices will be available in a report called 'Unauthorized Devices' which can be accessed from under the 'Reports' tab.

  6. How to get report for a specific file type that went out of the network?

    Device Control Plus allows you to view all the files that are transferred in and out of your network. However, you can view file transfers based on file extensions and file extension groups on the dashboard which displays the top five extensions that were frequently transferred in and out of your computer.

  7. Can I control device write options by file type?

    Device Control Plus will allow you to control the type of files and the size of files that can be transferred from your computer to a connected USB or peripheral device.

  8. How to receive blocked device details immediately at server?

    To receive blocked device details at server, you have to configure the Device audit settings wherein, you can specify the email IDs at which you want to receive the details. You may also enable or disable receiving reports for each and every policy based on your preference.

  9. Can I grant access permissions to devices that are outside my network?

    Yes, you can. You can grant temporary access to devices that are present both inside and outside your network.target machines based on system type such as laptops and desktops. You can also create a custom group with system type as criteria.

  10. What if one computer has multiple policies that contradict based on the device access levels?

    Consider an instance where you have create two different policies for the same computer. Let's assume that you have allowed USB devices in one policy and blocked in the other. Device Control Plus, the prioritizes device access levels in the following fashion : Allow devices > Allow trusted devices > Blocked devices.

  11. What platforms does Device Control Plus support?

    Device Control Plus supports computers running on Windows and Mac operating systems.

  12. When can I view the complete device and file activities log?

    The complete device and file activities list will be available in the reports section from anywhere after 6 to 24 hours of the action. However, you can receive the blocked device details immediately at server if you have configured the same.

  13. What is the critical distinction between Device Control Plus and other DLP solutions?

    There are a plethora of vulnerabilities that can be fixed by a software patch. But, in order to address cyber attacks due to removable media it is highly important to secure your endpoints from the port level. Device control plus allows you control, block and monitor the devices that connect to your endpoints.

  14. Can I install Device Control Plus agents using SCCM?

    Yes, Device Control Plus agents can be installed in endpoints by creating and deploying a package via SCCM. For detailed steps, refer here.

  15. How to configure policies such that only Bitlocker encrypted devices are allowed access?

    Navigate to 'Create Policy' > 'Removable Storage Device' > 'Advanced Settings.' Then click the option 'Allow access only for BitLocker encrypted devices.'

  16. How to configure policies to allow only BitLocker encrypted devices and selective unencrypted trusted devices?

    Create two policies for the device type 'Removable storage media.' One policy is for the all devices which need not be encrypted; they should be added to a trusted devices list. Another policy should be for just allowed devices and in 'Advanced settings,' the option for enabling access for only BitLocker encrypted devices should be selected. Save and associate both policies to the same custom group.

  17. If multiple policies are deployed to an endpoint, which policy takes precedence?

    When an endpoint is included in multiple policies, the policies with Allow access will take precedence.

     

    The order of priority when multiple policies are deployed to an endpoint (left, being high priority to right, being low priority)

    Allow Temporary Access > Allow Trusted Device > Allow Device policy > Block Device.

  18. How to revoke a policy applied to an endpoint?

    To revoke a policy, the endpoint should be excluded from the Custom Group. Thus, in the next refresh cycle (interval - 90 mins) when the agent communicates with the server, the policy will be revoked for the specific endpoint.

  19. How temporary access policy will be applied to offline endpoints?

    After creating a temporary access policy specific to the offline endpoint, a code can be generated using Generate Code option by the sysadmin, which will be communicated via email (Check here to configure email). This code should be entered in the Apply Code section in the View Device Temporary Access Portal to deploy the policy.

  20. What if I block wireless devices?

    When you block wireless devices, the managed computer(s) cannot access the internet via Wi-Fi. To access the network, the computer(s) with wireless block policy should be connected to the internet via LAN. To manage the computer(s) via Wi-Fi, the wireless block policy should be revoked from the said computer(s).