Controlling devices
DriveLock operates with whitelist rules. This basic concept implies that all devices are generally blocked as soon as locking is enabled. Individual whitelist rules are then created to allow usage of only the permitted devices (or groups of devices or device collections). This means that you need to create a separate rule for each device (or group of devices or device list) you want to use. If a device is not defined via a corresponding rule, DriveLock automatically blocks access to it and it cannot be used. This ensures that your security policy remains intact.
To configure DriveLock, we recommend that you first create the whitelist rules you need, and then enable device locking.
It is possible to combine rules for different ranges of validity at different levels:
- Device class (e.g. all Bluetooth transmitters): as of version 2024.1, custom device classes can also be used here
- Device bus (e.g. all PCI network cards)
- Hardware ID (e.g. a special smartcard reader)
- Device collection based on hardware ID
You can also configure how and when whitelist rules are applied by specifying:
- the computers,
- the network connections,
- the logged-on users where they apply, and
- the time when they apply.
If several rules apply, they are prioritized according to the following criteria:
- Priority set on the Options tab
- Rule type (prioritized from 1 to 3)
  - Hardware ID and device collection
  - Bluetooth
  - Bus
- Rules that allow something have a higher priority than rules that block something
- Rules with awareness settings have a lower priority than rules without
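The following Python model is an added example, not DriveLock code: it walks through the default-deny behaviour and the prioritization criteria listed above for a device that matches several rules. It assumes the criteria act as successive tie-breakers and that a smaller Options-tab number means higher priority (neither is stated on this page); all rule names, hardware IDs and field names are constructed.

```python
from dataclasses import dataclass

# Rule-type rank in the order the page lists it (1 = strongest).
TYPE_RANK = {"hardware_id": 1, "device_collection": 1, "bluetooth": 2, "bus": 3}

@dataclass(frozen=True)
class Rule:
    name: str
    rule_type: str           # one of the TYPE_RANK keys
    match: str               # value compared with the device attribute
    allow: bool
    priority: int = 100      # ASSUMPTION: smaller number = higher priority
    awareness: bool = False  # rule carries awareness settings

@dataclass(frozen=True)
class Device:
    hardware_id: str
    bus: str
    bluetooth: bool = False
    collections: frozenset = frozenset()

def matches(rule, dev):
    if rule.rule_type == "hardware_id":
        return rule.match == dev.hardware_id
    if rule.rule_type == "device_collection":
        return rule.match in dev.collections
    if rule.rule_type == "bluetooth":
        return dev.bluetooth
    return rule.match == dev.bus

def sort_key(rule):
    # Criteria applied as tie-breakers in page order; False sorts before True.
    return (rule.priority, TYPE_RANK[rule.rule_type], not rule.allow, rule.awareness)

def decide(rules, dev):
    """Return (allowed, winning rule); a device no rule matches is blocked."""
    hits = sorted((r for r in rules if matches(r, dev)), key=sort_key)
    return (hits[0].allow, hits[0]) if hits else (False, None)

# Constructed sample policy and devices.
RULES = [
    Rule("block-usb-bus", "bus", "USB", allow=False),
    Rule("allow-reader", "hardware_id", "USB\\VID_1234&PID_0001", allow=True),
    Rule("allow-reader-aware", "hardware_id", "USB\\VID_1234&PID_0001", allow=True, awareness=True),
    Rule("block-reader", "hardware_id", "USB\\VID_1234&PID_0001", allow=False),
]
READER = Device("USB\\VID_1234&PID_0001", "USB")
UNKNOWN = Device("PCI\\VEN_FFFF&DEV_0001", "PCI")
```

Reviewing a policy this way before enabling locking shows which rule actually wins for a given device, and which devices fall through to the default block.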