Peripheral Control Policy

Peripheral control lets you control access to peripherals and removable media. You can also exempt individual peripherals from that control.

Restriction

This feature is available for Windows and macOS only.

Peripheral control for macOS doesn't block or control any Bluetooth devices.

Note

If an option is locked, global settings have been applied by your partner or Enterprise administrator.

Go to My Products > Endpoint > Policies to control access.

Set up Peripheral Control

This video explains how to set up a Peripheral Control policy and includes troubleshooting advice.

Set up a policy

To set up a policy, do as follows:

  • Create a Peripheral Control policy. See Create or Edit a Policy.
  • Open the policy's Settings tab and configure it as described below. Make sure the policy is turned on.

Manage Peripherals

In Manage Peripherals, select how you want to control peripherals:

  • Monitor but do not block. If you select this, access to all peripherals is allowed, regardless of any settings below. All peripherals used will be detected, but you cannot set access rules for them.
  • Control access by peripheral type and add exemptions. If you select this, you can go on to set access policies for peripheral types and for individual detected peripherals.

Set Access Policies

Set access policies in the table.

The table displays detected peripheral types, the number of each type detected, and the current access policy.

Note

The totals include all peripherals detected, whether on endpoint computers or servers. This makes it easier to set consistent policies for all devices.

Note

The MTP/PTP category includes devices such as phones, tablets, cameras, and media players that connect using the MTP or PTP protocols.

For each peripheral type, you can change the access policy:

  • Allow: Peripherals are not restricted in any way.
  • Block: Peripherals are not allowed at all.
  • Read Only: Peripherals can be accessed only for reading.

Note

The Bluetooth, Infrared, and Modem categories do not have the Read Only option.

Note

The Wireless Network Adaptor category has a Block Bridged option. This prevents bridging of two networks. When Block Bridged is turned on, you won't receive any block alerts or events.

Peripheral Exemptions

Click the Peripheral Exemptions fold-out if you want to exempt individual peripherals from the control settings, or apply less restrictive controls.

  1. Click Add Exemptions.
  2. In the Add Peripheral Exemptions dialog, you see a list of detected peripherals.

    Note

    Peripherals are detected when you are in monitoring mode or if there is an access restriction for that type of peripheral.

    Note

    This list shows all peripherals detected, whether on endpoint computers or servers. This makes it easier to set consistent exemptions for all devices.

  3. Select a peripheral.

  4. In the Policy column, you can optionally use the drop-down list to assign a specific access policy to an exempt peripheral.

    Note

    Do not set a stricter access policy for an individual peripheral than for its peripheral type. If you do, the setting for the individual policy is ignored and a warning icon is displayed beside it.

  5. In the Enforce By column, you can optionally use the drop-down menu to apply the policy to all peripherals of that model or to ones with the same ID (the list shows you the model and ID).

  6. Click Add Exemption(s).
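
The rules above (monitor-only mode, per-type access policies, exemptions enforced by model or ID, and stricter exemptions being ignored) can be modelled to sanity-check a planned policy before entering it in the console. This is an added example, not Sophos code: the function names, device models and IDs are constructed, and letting the first matching exemption win is an assumption the page does not state.

```python
# Added example: models the rules stated on this page; not the product's code.
RANK = {"Allow": 0, "Read Only": 1, "Block": 2}      # higher value = stricter
NO_READ_ONLY = {"Bluetooth", "Infrared", "Modem"}     # types without Read Only

def check_policy(type_policy, exemptions):
    """Return warnings for settings the page says are unavailable or ignored."""
    warnings = []
    for ptype, access in type_policy.items():
        if access == "Read Only" and ptype in NO_READ_ONLY:
            warnings.append(f"{ptype}: Read Only is not available for this type")
    for ex in exemptions:
        if RANK[ex["policy"]] > RANK[type_policy[ex["type"]]]:
            warnings.append(f"{ex['match']}: stricter than {ex['type']} policy, ignored")
    return warnings

def effective_access(device, monitor_only, type_policy, exemptions):
    """Return the access a device ends up with under the stated rules."""
    if monitor_only:                     # "Monitor but do not block"
        return "Allow"
    base = type_policy[device["type"]]
    for ex in exemptions:
        # Enforce By: "id" matches one device, "model" matches the whole model.
        if ex["type"] == device["type"] and device[ex["enforce_by"]] == ex["match"]:
            # Assumption: first match wins. A stricter exemption is ignored,
            # so the peripheral type policy stands.
            return ex["policy"] if RANK[ex["policy"]] <= RANK[base] else base
    return base

# Constructed sample policy and devices (hypothetical models and IDs).
TYPE_POLICY = {"MTP/PTP": "Read Only", "Modem": "Allow", "Bluetooth": "Block"}
EXEMPTIONS = [
    {"type": "MTP/PTP", "enforce_by": "model", "match": "ExampleCam X1", "policy": "Allow"},
    {"type": "Modem", "enforce_by": "id", "match": "ID-0001", "policy": "Block"},
]
CAM = {"type": "MTP/PTP", "model": "ExampleCam X1", "id": "ID-0100"}
PHONE = {"type": "MTP/PTP", "model": "ExamplePhone", "id": "ID-0200"}
MODEM = {"type": "Modem", "model": "ExampleModem", "id": "ID-0001"}

if __name__ == "__main__":
    for w in check_policy(TYPE_POLICY, EXEMPTIONS):
        print("warning:", w)
    for dev in (CAM, PHONE, MODEM):
        print(dev["model"], "->", effective_access(dev, False, TYPE_POLICY, EXEMPTIONS))
```

The modem exemption is reported as ignored because it is stricter than the Modem type policy, which is the case the warning icon flags in the console.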

Desktop Messaging

You can add a message to the end of the standard notification. If you leave the message box empty, only the standard message is shown.

Desktop Messaging is on by default.

Note

If you switch off Desktop Messaging, you will not see any notification messages related to Peripheral Control.

Click in the message box and enter the text you want to add.