KSC - device control stopped but status do not change

[comgam]

Hi

 

i have manually disabled “Device control” (enabled by Policy but not locked, password protected) on a computer but there is no status change on the device, no alert on the KSC (just an event in the eventlog) while on my understanding it should be since the policy is different from the one the computer is supposed to have

Since we authorize our technician to temporary disabled deice control i want to know if a protection component is stopped on a computer

Also after renabling the “Device Control” the component is still “Stopped”, see screenshot

thanks

[Adons]

Hi, firts from KSC you can allow a user to use devices, just set the user in the KES policy: select group policy > device control >removable drive > edit > add > add , end select the user

 

or you can add an specific device to allow use it in all Kaspersky group, Active directory group or specific user. Select the group policy > device control > trusted devices, and press “refresh” button, it will show you a list of all devices connected in your Kaspersky devices, you need to know the device ID, you can see this in the device control log in computer events.

 

You need to be sure that your computer is connected with network agent to the KSC console, if the computer is not connected to the console, the policy will never work.

you can force this with klmover, just change the IP in KLMover.bat file with your server IP or server name and run it as administrator in client computer.

 

 

Let me know about it.

[comgam]

Hi 

 

yes we are using those policy for other matter  but you can forget to remove the device or the suer when his usage of the USB key is finished so the user

Thats why disabling the device component and having the computer appear as warning or critical because the policy is different was a good option 

[comgam]

Also i cannot, as a Technician, allow only the device for like 1 or 2 hours (i can only by “Pause protection” but it make no sense because if the USB key is infected it will not be scanned)

And the request “temporary access “ is really not easy for end user, the process is to complex for them and that’s not their job

[Adons]

ok, you can set a quick scan in your group policy for connected usb

 

If you want to allow to connect a usb device for 1 or 2 hours, when the user connect the usb, kaspersky will show you a block message, in this block message you will see a temporal access request just select the device and kaspersky will create a .akey file, you have to move this file to your server and select the device, right click on this and select “Grant access in offline mode”

 

In this windows just select the .akey file and this will show you some values like time to use this file and time to use this device, so you can set 1 or 2 hours, this will create a .acode file just share this file with the user.

connect the usb again, when kaspersky show you a block message just select “I have a access code” and select the .acode file.

[Adons]

Also, device request access is an educational affair for the user, you may have to share a document about how-to request USB access step by step and tell them "This is the process".