What types of device are controlled?

Device control enables you to block the following types of device: storage, network, short range, and media.


  • Removable storage devices (for example, USB flash drives, PC Card readers, and external hard disk drives)
  • Optical media drives (CD-ROM/DVD/Blu-ray drives)
  • Floppy disk drives
  • Secure removable storage devices (for example, hardware-encrypted USB flash drives)

For a list of supported secure removable storage devices, see Sophos knowledgebase article 63102.

Tip Using the secure removable storage category, you can easily allow the use of supported secure removable storage devices while blocking other removable storage devices.


  • Modems
  • Wireless (Wi-Fi interfaces, 802.11 standard)

For network interfaces, you can also select the Block bridged mode that helps to significantly reduce the risk of network bridging between a corporate network and a non-corporate network. The mode works by disabling either wireless or modem network adapters when an endpoint is connected to a physical network (typically through an Ethernet connection). Once the endpoint is disconnected from the physical network, the wireless or modem network adapters are seamlessly re-enabled.

Short Range

  • Bluetooth interfaces
  • Infrared (IrDA infrared interfaces)

Device control blocks both internal and external devices and interfaces. For example, a policy which blocks Bluetooth interfaces will block both of the following:

  • The built-in Bluetooth interface in a computer
  • Any USB-based Bluetooth adapters plugged into the computer



    This includes mobile phones, tablets, digital cameras, media players and other devices that connect to a computer using Media Transfer Protocol (MTP) or Picture Transfer Protocol (PTP).