In this section, you can configure restrictions to access to certain devices or device buses and configure black and white lists.
Figure 28. Devices lock settings
To block access to data on removable media (USB flash, floppy, CD/DVD, ZIP drives, etc.), enable the appropriate option. To block sending jobs to printers, enable the option. This option is disabled by default. You can also block data transfer over network (LAN and the Internet).
Infected USB devices can be identified by your computer as a keyboard. If you want Dr.Web to check whether the connected USB device is a keyboard, enable the option.
Device classes and buses
This function allows to block one or several device classes on all the buses and also to block all the devices connected to one or several buses. Device classes are all devices that perform the same functions (e.g., printing devices). Device buses are communication subsystems for transferring data between functional units of the computer (for example, the USB).
To block access to specified device classes or buses, enable the appropriate option. Click the button to make a list of such objects. In the open window, you can select device classes or buses that you want to restrict access to.
Configuration of the list of blocked device classes
1.To block access to the device class completely, click in the column.
2.In the open list, select the classes you want to block and click . The selected device classes will be blocked on all device buses. Only the classes that are not blocked are listed.
3.To unblock the device class, in the window, select the necessary class and click .
To configure the list of blocked device buses
1.To block the entire bus or some devices on the device bus click in the column.
2.In the open window, select necessary device classes. To block the entire bus, select all classes in the list. Click OK.
3.To unblock the bus, in the window select the bus and click .
4.To edit the list of blocked classes on a specific bus, click .
White list of devices
After you restricted access to some device classes or buses, you can allow access to certain devices by adding them to the white list. You can also add a certain device to the white list if you do not want it to be checked for BadUSB vulnerability.
To add a device to the white list
1.Enable the option (the option becomes available if restrictions are set).
2.To configure the list of devices, click .
3.Make sure that the device is connected to the computer.
4.Click . In the open window, click and select the device. You can use a filter to view only connected or only disconnected devices in the table. Click .
5.You can configure access rules for devices with file systems. For that, from the column, select one of the following modes: or . To add a new rule for a specific user, click . To delete a rule, click .
6.To save the changes, click . To close the window without saving the changes, click . The white list of devices opens.
7.To edit a rule set, select it from the list and click .
8.To remove a rule set, select it from the list and click .