G DATA 365 | MXDR

Management of G DATA Device Control in the G DATA Web Portal

With G DATA Device Control for G DATA 365 | MXDR you can control the usage of external devices on the endpoints in your network directly in the G DATA Web Portal.

The "Device Control" view can be accessed in the navigation below "Policy Control". Here you can set which global rules apply to external devices, create exceptions, and view logs relating to the use of external devices. You also have the option of configuring notifications that can be displayed on the endpoints.

Device Logging

In the Device Logging section, you can view extensive logs of interactions of individual external devices.

For this purpose, a list is displayed showing all interactions that have been performed by external devices from the supported device classes on all managed endpoints. The entries can be sorted alphanumerically in ascending or descending order by clicking on the column header. There is also a search field that you can use to find specific interactions.

By clicking an entry from the list, all information on the respective interaction can be displayed in a detailed window.

Here you can enter any information in a text field about the device involved, as well as create an exception specifically for the device.

Exceptions can also be created directly from the list of interactions by clicking the icon for creating an exception. In both cases, all the data necessary for identification of the device is already pre-entered.

Exceptions

In certain cases, it can be useful to set up exceptions to global rules for certain devices. With G DATA Device Control it is possible to allow the use of specific external devices contrary to the global rules. This can be defined either globally or for specific endpoints.

A list of all exceptions that have been created is displayed in the Exceptions area. The entries can be sorted alphanumerically in ascending or descending order by clicking on the column header. There is also a search field, so you can search for a specific exception when there are many exceptions.

To create an exception, click Add exception. An input mask opens in which the data for the exception to be created can be entered.

All fields within the input mask are mandatory to clearly identify the device for which an exception is to be created. Additionally, you have to select whether the exception should be created globally or for a specific endpoint, and whether read-only or full access is granted.
Immediately after creating a new exception, it is displayed in the list.

Exceptions should only be created here in special cases. A simpler way is to release devices via the device logging. All the data necessary for identification is then already pre-filled in the input mask.

Exceptions can be deleted or edited using the action buttons in the action column. The edit mask is the same as the mask for creating an exception.

Setting global access rights

In the Global Access Rights section, you can configure which global rules apply to five classes of external devices:

  • Removable media → e.g. USB sticks, USB hard disks etc.

  • Optical drives → e.g. DVD or BluRay drives.

  • Floppy disk drives → no longer widely used, but still a potential attack vector.

  • Windows Portable Devices (WPDs) → e.g. smartphones or digital cameras with SD card.

  • Webcams → independent of the connection type.

There are three different access rights that can be assigned to a device class: Allowed, Blocked and Read only.

Allowed

The use of all devices from this device class is fully permitted.

Blocked

Devices belonging to the device class are blocked and cannot be used. Users receive the message configured under Notifications (or a default text if no changes were made).

Read only

You can only read data from devices of this type; storing data is blocked.

The access right defined for each type is active for all devices of the respective type on all endpoints, unless exceptions have been created.

Managing Device Notifications

In the Device Notification section, you can configure the message that is displayed to users when they try to use a blocked external device on an endpoint.

An individual configuration of the displayed messages is optional. If you do not make any changes at this point, there are preset notifications that are displayed on the endpoints.

You can enter the exact text in both German and English in the text fields provided. This is then displayed to the user instead of the preset texts. You can also enter a link, including a link name, to give the user an easy way to communicate with your IT or ticket system and have the external device activated quickly.

Example of a notification on an endpoint

Notifications are displayed on the endpoints in the Windows Notification Center and also as pop-up messages.

As both URLs and URIs can be entered for the link, it is possible to use the "mailto" prefix (for example "mailto:ex@ample.com") to specify an e-mail address.