The Armor A60 reads and writes super fast thanks to USB 3.0, and is compatible with Mac and PC devices courtesy of the FAT32 file system. If, however, you plan to transfer files larger than 4GB, the manufacturer suggests you reformat to exFat for better speed. Though LOK-IT USB Storage Device Control has been deleted to the Trash, its lingering files, logs, caches and other miscellaneous contents may stay on the hard disk. For complete removal of LOK-IT USB Storage Device Control, you can manually detect and clean out all components associated with this application.
Block/disable USB devices in the network The usage of portable storage devices is a growing reality. It poses two main concerns for an organization i;e data theft and malware injection. Desktop Central's secure USB feature would help administrators limit the scope of USB device usage, selectively based on the various roles and departments. This feature enables administrators to centrally control the usage of in the network by blocking or disabling them. It prevents unauthorized download and upload activities as well as the possibility to inject harmful malware into the network. The restriction can be set not just on the computer and user level but also on the manufacturer type, providing more accessibility.
![Usb Storage Device Control For Mac Usb Storage Device Control For Mac](/uploads/1/2/5/6/125638157/958640570.jpg)
Supported USB devices. Desktop Central currently supports enabling or disabling the following USB devices for users and computers:. Mouse. Disk drive. CD-ROM.
Portable storage devices. Floppy disk. Bluetooth. Image. Printer.
Modem USB device audit. An IT administrator faces a cumbersome task of analyzing the usage of pen drives, CDs, or any other portable storage devices that might jeopardize your company’s data or security. It is always better to record these activites for future auditing. Desktop Central helps track the usage of said USB devices and provides you all the necessary information such as:. Device name.
User name. Device type. Time duration. Manufacturer and more. You can choose either a summary or a detailed view of the data.
The reports can be exported as a CSV or PDF for further analysis.
Dctrl Device Control Device Control regulates access to external storage devices and network resources connected to computers. Device Control helps prevent data loss and leakage and, combined with file scanning, helps guard against security risks. You can configure Device Control policies for internal and external clients. OfficeScan administrators typically configure a stricter policy for external clients. Policies are granular settings in the OfficeScan client tree. You can enforce specific policies to client groups or individual clients.
You can also enforce a single policy to all clients. After you deploy the policies, clients use the location criteria you have set in the Computer Location screen (see ) to determine their location and the policy to apply. Clients switch policies each time the location changes. Important:. Device Control only supports 32-bit platforms. By default, Device Control is disabled on 32-bit versions of Windows Server 2003 and Windows Server 2008.
Before enabling Device Control on these server platforms, read the guidelines and best practices outlined in. The types of devices that OfficeScan can monitor depends on whether the Data Protection license is activated. Data Protection is a separately licensed module and must be activated before you can use it.
For details about the Data Protection license, see. Permissions Files on the Device Incoming Files Full access Permitted operations: Copy, Move, Open, Save, Delete, Execute Permitted operations: Save, Move, Copy This means that a file can be saved, moved, and copied to the device. Modify Permitted operations: Copy, Move, Open, Save, Delete Prohibited operations: Execute Permitted operations: Save, Move, Copy Read and execute Permitted operations: Copy, Open, Execute Prohibited operations: Save, Move, Delete Prohibited operations: Save, Move, Copy Read Permitted operations: Copy, Open Prohibited operations: Save, Move, Delete, Execute Prohibited operations: Save, Move, Copy List device content only Prohibited operations: All operations The device and the files it contains are visible to the user (for example, from Windows Explorer). Prohibited operations: Save, Move, Copy Block Prohibited operations: All operations The device and the files it contains are not visible to the user (for example, from Windows Explorer). Prohibited operations: Save, Move, Copy The file-based scanning function in OfficeScan complements and may override the device permissions. For example, if the permission allows a file to be opened but OfficeScan detects that the file is infected with malware, a specific scan action will be performed on the file to eliminate the malware.
If the scan action is Clean, the file opens after it is cleaned. However, if the scan action is Delete, the file is deleted. Advanced Permissions for Storage Devices Advanced permissions apply when you grant limited permissions to storage devices. The permission can be any of the following:. Modify.
Read and execute. Read.
List device content only You can keep the permissions limited but grant advanced permissions to certain programs on the storage devices and on the local computer. To define programs, configure the following program lists. Program List Description Valid Inputs Programs with read and write access to storage devices This list contains local programs and programs on storage devices that have read and write access to the devices.
An example of a local program is Microsoft Word (winword.exe), which is usually found in C: Program Files Microsoft Office Office. If the permission for USB storage devices is 'List device content only' but 'C: Program Files Microsoft Office Office winword.exe' is included in this list:. A user will have read and write access to any file on the USB storage device that is accessed from Microsoft Word. A user can save, move, or copy a Microsoft Word file to the USB storage device. Program path and name For details, see. Programs on storage devices that are allowed to execute This list contains programs on storage devices that users or the system can execute.
For example, if you want to allow users to install software from a CD, add the installation program path and name, such as 'E: Installer Setup.exe', to this list. Program path and name or Digital Signature Provider For details, see. There are instances when you need to add a program to both lists. Consider the data lock feature in a USB storage device, which, if enabled, prompts users for a valid user name and password before the device can be unlocked. The data lock feature uses a program on the device called 'Password.exe', which must be allowed to execute so that users can unlock the device successfully. 'Password.exe' must also have read and write access to the device so that users can change the user name or password. Each program list on the user interface can contain up to 100 programs.
If you want to add more programs to a program list, you will need to add them to the ofcscan.ini file, which can accommodate up to 1,000 programs. For instructions on adding programs to the ofcscan.ini file, see. Programs added to the ofcscan.ini file will be deployed to the root domain and will overwrite programs on individual domains and clients. Specifying a Digital Signature Provider Specify a Digital Signature Provider if you trust programs issued by the provider. For example, type Microsoft Corporation or Trend Micro, Inc. You can obtain the Digital Signature Provider by checking the properties of a program (for example, by right-clicking the program and selecting Properties). Digital Signature Provider for the OfficeScan client program (PccNTMon.exe) Specifying a Program Path and Name A program path and name should have a maximum of 259 characters and must only contain alphanumeric characters (A-Z, a-z, 0-9).
It is not possible to specify only the program name. You can use wildcards in place of drive letters and program names. Use a question mark (?) to represent single-character data, such as a drive letter. Use an asterisk (.) to represent multi-character data, such as a program name. Wildcards cannot be used to represent folder names. The exact name of a folder must be specified.
Wildcards are used correctly in the following examples. Example Matched Data?: Password.exe The 'Password.exe' file located directly under any drive C: Program Files Microsoft.exe Any.exe file in C: Program Files Microsoft C: Program Files. Any file in C: Program Files that has a file extension C: Program Files a?c.exe Any.exe file in C: Program Files that has 3 characters starting with the letter 'a' and ending with the letter 'c' C:. Any file located directly under the C: drive, with or without file extensions Wildcards are used incorrectly in the following examples. Example Reason??: Buffalo Password.exe??
Represents two characters and drive letters only have a single alphabetic character.: Buffalo Password.exe. represents multi-character data and drive letters only have a single alphabetic character. C:.
Password.exe Wildcards cannot be used to represent folder names. The exact name of a folder must be specified. Password.exe Permissions for Non-storage Devices You can allow or block access to non-storage devices. There are no granular or advanced permissions for these devices. To manage access to external devices (Data Protection activated):.
Networked Computers Client Management. In the client tree, click the root domain icon to include all clients or select specific domains or clients. Click Settings Device Control Settings. Click the External Clients tab to configure settings for external clients or the Internal Clients tab to configure settings for internal clients. Select Enable Device Control. If you are on the External Clients tab, you can apply settings to internal clients by selecting Apply all settings to internal clients.
If you are on the Internal Clients tab, you can apply settings to external clients by selecting Apply all settings to ext ernal clients. Choose to allow or block the AutoRun function (autorun.inf) on USB storage devices. Configure settings for s torage devices. Select a permission for each storage device. For details about permissions, see. Configure advanced permissions and notifications if the permission for a storage device is any of the following:. Modify.
Read and execute. Read.
List device content only Although you can configure advanced permissions and notifications for a specific storage device on the user interface, the permissions and notifications are actually applied to all storage devices. This means that when you click Advanced permissions and notifications for CD/DVD, you are actually defining permissions and notifications for all storage devices. For details about advanced permissions and how to correctly define programs with advanced permissions, see. Click Advanced permissions and notifications.
A new screen opens. Below Programs with read and write access to storage devices, type a program path and file name and then click Add. Digital Signature Provider is not accepted. Below Programs on storage devices that are allowed to execute, type the program path and name or the Digital Signature Provider and then click Add. Select Display a notification message on the client computer when OfficeScan detects unauthorized device access. Unauthorized device access refers to prohibited device operations.
For example, if the device permission is 'Read', users will not be able to save, move, delete, or execute a file on the device. For a list of prohibited device operations based on permissions, see. You can modify the notification message. For details, see. Click Back. If the permission for USB storage devices is Block, configure a list of approved devices.
Users can access these devices and you can control the level of access using permissions. Click Approved devices. Type the device vendor.
Type the device model and serial ID. Use the Device List Tool to query devices connected to endpoints. The tool provides the device vendor, model, and serial ID for each device.
For details, see. Select the permission for the device. For details about permissions, see.
To add more devices, click the icon. Click Back.
For each non-storage device, select Allow or Block. If you selected domain(s) or client(s) in the client tree, click Save.
If you clicked the root domain icon, choose from the following options:. Apply to All Clients: Applies settings to all existing clients and to any new client added to an existing/future domain. Future domains are domains not yet created at the time you configured the settings.
Apply to Future Domains Only: Applies settings only to clients added to future domains. This option will not apply settings to new clients added to an existing domain. To manage access to external devices (Data Protection not activated):. Networked Computers Client Management.
In the client tree, click the root domain icon to include all clients or select specific domains or clients. Click Settings Device Control. Click the External Clients tab to configure settings for external clients or the Internal Clients tab to configure settings for internal clients. Select Enable Device Control. If you are on the External Clients tab, you can apply settings to internal clients by selecting Apply all settings to internal clients. If you are on the Internal Clients tab, you can apply settings to external clients by selecting Apply all settings to ext ernal clients.
Choose to allow or block the AutoRun function (autorun.inf) on USB storage devices. Select the permission for each device.
For details about permissions, see. Configure advanced permissions and notifications if the permission for a device is any of the following:. Modify. Read and execute. Read. List device content only There is no need to configure advanced permissions and notifications if the permission for all devices is Full Access.
For details about advanced permissions and how to correctly define programs with advanced permissions, see. Below Programs with read and write access to storage devices, type a program path and file name and then click Add. Digital Signature Provider is not accepted. Below Programs on storage devices that are allowed to execute, type the program path and name or the Digital Signature Provider and then click Add. Select Display a notification message on the client computer when OfficeScan detects unauthorized device access. Unauthorized device access refers to prohibited device operations.
For example, if the device permission is 'Read', users will not be able to save, move, delete, or execute a file on the device. For a list of prohibited device operations based on permissions, see.
You can modify the notification message. For details, see. If you selected domain(s) or client(s) in the client tree, click Save. If you clicked the root domain icon, choose from the following options:.
Apply to All Clients: Applies settings to all existing clients and to any new client added to an existing/future domain. Future domains are domains not yet created at the time you configured the settings. Apply to Future Domains Only: Applies settings only to clients added to future domains.
This option will not apply settings to new clients added to an existing domain. To add programs to the Device Control program lists using the ofcscan.ini file:. For details about program lists and how to correctly define programs that can be added to the lists, see. On the OfficeScan server computer, navigate to PCCSRV. Open ofcscan.ini using a text editor.
To add programs with read and write access to storage devices:. Locate the following lines: DACAPPROVEDLIST Count= x. Replace 'x' with the number of programs in the program list. Below 'Count=x', add programs by typing the following: Item= For example: DACAPPROVEDLIST Count=3 Item0=C: Program Files program.exe Item1=?: password.exe I tem 2= Microsoft Corporation. To add programs on storage devices that are allowed to execute:. Locate the following lines: DACEXECUTABLELIST Count=x.
Replace 'x' with the number of programs in the program list. Below 'Count=x', add programs by typing the following: Item= For example: DACEXECUTABLELIST Count=3 Item0=?: Installer Setup.exe Item1=E:.exe Item2=Trend Micro, Inc. Save and close the ofcscan.ini file. Open the OfficeScan web console and go to Networked Computers Global Client Settings.
Click Save to deploy the program lists to all clients. See also:.