Permissions for Storage Devices

Device Control permissions for storage devices are used when you:

  • Allow access to USB storage devices, CD/DVD, floppy disks, and network drives. You can grant full access to these devices or limit the level of access.

  • Configure the list of approved USB storage devices. Device Control allows you to block access to all USB storage devices, except those that have been added to the list of approved devices. You can grant full access to the approved devices or limit the level of access.

The following table lists the permissions for storage devices.

Table 1. Device Control Permissions for Storage Devices

Permissions

Files on the Device

Incoming Files

Full access

Permitted operations: Copy, Move, Open, Save, Delete, Execute

Permitted operations: Save, Move, Copy

This means that a file can be saved, moved, and copied to the device.

Modify

Permitted operations: Copy, Move, Open, Save, Delete

Prohibited operations: Execute

Permitted operations: Save, Move, Copy

Read and execute

Permitted operations: Copy, Open, Execute

Prohibited operations: Save, Move, Delete

Prohibited operations: Save, Move, Copy

Read

Permitted operations: Copy, Open

Prohibited operations: Save, Move, Delete, Execute

Prohibited operations: Save, Move, Copy

List device content only

Prohibited operations: All operations

The device and the files it contains are visible to the user (for example, from Windows Explorer).

Prohibited operations: Save, Move, Copy

Allow

Permitted operations: Copy, Move, Open, Save, Delete, Execute

Permitted operations: Save, Move, Copy

This means that a file can be saved, moved, and copied to the device.

Block

Prohibited operations: All operations

The device and the files it contains are not visible to the user (for example, from Windows Explorer).

Prohibited operations: Save, Move, Copy

The file-based scanning function in CPM complements and may override the device permissions. For example, if the permission allows a file to be opened but CPM detects that the file is infected with malware, a specific scan action will be performed on the file to eliminate the malware. If the scan action is Clean, the file opens after it is cleaned. However, if the scan action is Delete, the file is deleted.

Tip: Device Control for Data Protection supports all 64-bit platforms. For Unauthorized Change Prevention monitoring on systems that CPM does not support (for details, see the System Requirements), set the device permission to Block to limit access to these devices.