Protecting removable devices

McAfee® Device Control protects enterprises from the risk associated with unauthorized transfer of sensitive content when storage devices are used.

Device Control can monitor or block devices attached to enterprise-managed computers, allowing you to monitor and control their use in the distribution of sensitive information. Devices such as smartphones, removable storage devices, Bluetooth devices, MP3 players, or plug-and-play devices can all be controlled. McAfee Device Control is a component of McAfee DLP Endpoint that is sold as a separate product. While the term Device Control is used throughout this section, all features and descriptions apply to McAfee DLP Endpoint for Windows and McAfee DLP Endpoint for Mac as well.

Device Control terminology

Device template — A list of device properties used to identify or group devices.

Device group — A list of device templates grouped into a single template. Used to simplify rules while maintaining granularity.

Device property — A property such as bus type, vendor ID, or product ID that can be used to define a device.

Device rule — Defines the action taken when a user tries to use a device that has a matching device definition in the policy. The rule is applied to the hardware, either at the device driver level or the file system level. Device rules can be assigned to specific users.

Removable storage device rule — Used to block or monitor a device, or set it as read-only.

Removable storage protection rule — Defines the action taken when a user tries to copy content labeled as sensitive to a managed device.

Device class* — A collection of devices that have similar characteristics and can be managed in a similar manner. Device classes have the status Managed, Unmanaged, or Whitelisted.

Managed device * — A device class status indicating that Device Control manages the devices in that class.

Unmanaged device* — A device class status indicating that Device Control does not manage the devices in that class.

Whitelisted device* — A device class status indicating that Device Control can't manage the devices in that class because attempts to manage them can affect the managed computer, system health, or efficiency.

* Windows only