Endpoint Manager

• Introduction To Comodo Client Security
  • Special Features
  • System Requirements
  • Install Comodo Client Security
  • Starting Comodo Client Security
  • The Main Interface
    • The Home Screen
    • The Tasks Interface
    • The Widget
    • The System Tray Icon
  • Understanding Security Alerts
• General Tasks – Introduction
  • Scan And Clean Your Computer
    • Run A Quick Scan
    • Run A Full Computer Scan
    • Run A Rating Scan
    • Run A Custom Scan
      • Scan A Folder
      • Scan A File
      • Create, Schedule And Run A Custom Scan
  • Instantly Scan Files And Folders
  • Processing Infected Files
  • Manage Virus Database And Program Updates
  • Manage Quarantined Items
  • View CCS Logs
    • Antivirus Logs
      • Filtering Antivirus Logs
    • Viruscope Logs
      • Filtering Viruscope Logs
    • HIPS Logs
      • Filtering HIPS Logs
    • Containment Logs
      • Filtering Containment Logs
    • Firewall Logs
      • Filtering Firewall Logs
    • Website Filtering Logs
      • Filtering Website Filtering Logs
    • Alerts Logs
      • Filtering Alerts Displayed Logs
    • Tasks
      • Filtering Tasks Launched Logs
    • File List Changes Logs
      • Filtering File List Changes Logs
    • Trusted Vendors List Changes Logs
      • Filtering Trusted Vendors List Changes Logs
    • Configuration Changes
      • Filtering Configuration Changes Logs
    • Device Control Logs
      • Filtering Device Control Logs
  • View Active Process List
  • View Active Internet Connections
• Firewall Tasks – Introduction
  • Allow Or Block Internet Access To Applications Selectively
  • Stealth Your Computer Ports
  • Manage Network Connections
  • Stop All Network Activities
  • Advanced Firewall Settings
• Containment Tasks - Introduction
  • Run An Application In The Container
  • Reset The Container
• Advanced Tasks - Introduction
  • Create A Rescue Disk
    • Downloading And Burning Comodo Rescue Disk
  • Submit Files
  • Identify And Kill Unsafe Running Processes
  • Remove Deeply Hidden Malware
  • Manage CCS Tasks
• Advanced Settings
  • General Settings
    • Customize User Interface
    • Configure Program And Virus Database Updates
    • Log Settings
    • Manage CCS Configurations
      • Comodo Preset Configurations
      • Importing/Exporting And Managing Personal Configurations
  • Security Settings
    • Antivirus Settings
      • Real-time Scanner Settings
      • Scan Profiles
      • Exclusions
    • Advanced Protection Settings
      • HIPS Behavior Settings
      • Active HIPS Rules
      • HIPS Rule Sets
      • Protected Objects
        • Protected Files
        • Blocked Files
        • Protected Registry Keys
        • Protected COM Interfaces
        • Protected Data Folders
      • HIPS Groups
        • Registry Groups
        • COM Groups
      • Comodo Containment
        • The Container - An Overview
        • Unknown Files - The Scanning Processes
      • Configuring Containment Settings
      • Configuring Rules For Auto-Containment
      • Viruscope
      • Device Control Settings
    • Firewall Settings
      • Firewall Behavior Settings
      • Application Rules
      • Global Rules
      • Firewall Rule Sets
      • Network Zones
        • Network Zones
        • Blocked Zones
      • Port Sets
      • Website Filtering
        • Creating And Modifying Website Filtering Rules
        • Defining And Modifying Website Categories
    • Manage File Rating
      • File Rating Settings
      • File Groups
      • File List
      • Trusted Files
      • Unrecognized Files
      • Submitted Files
      • Trusted Vendors List
• Appendix 1 CCS How To... Tutorials
  • Enable / Disable AV, Firewall, Auto-Containment And Viruscope Easily
  • Set Up The Firewall For Maximum Security And Usability
  • Block Internet Access While Allowing Local Area Network (LAN) Access
  • Setting Up HIPS For Maximum Security And Usability
  • Create Rules For Auto-Containing Applications
  • Running An Instant Antivirus Scan On Selected Items
  • Creating An Antivirus Scanning Schedule
  • Run Untrusted Programs Inside The Container
  • Run Browsers Inside The Container
  • Restore Incorrectly Quarantined Item(s)
  • Submit Quarantined Items To Comodo For Analysis
  • Enable File Sharing Applications Like BitTorrent And Emule
  • Block Any Downloads Of A Specific File Type
  • Disable Auto-Containment On A Per-application Basis
  • Switch Off Automatic Antivirus And Software Updates
  • Suppressing CCS Alerts Temporarily While Playing Games
  • Control External Device Accessibility
• Appendix 2 - Comodo Secure DNS Service
  • Router - Manually Enabling Or Disabling Comodo Secure DNS Service
  • Windows XP - Manually Enabling Or Disabling Comodo Secure DNS Service
  • Windows 7 / Vista - Manually Enabling Or Disabling Comodo Secure DNS Service
• About Comodo Security Solutions

Device Control Settings

The 'Device Control Settings' section allows you to configure which types of external devices are allowed to connect to an endpoint. Device Control Settings can also be configured as part of an ITSM profile.

• To open device control, click: Tasks > Advanced Tasks > Open Advanced Settings > Security Settings > Advanced Protection > Device Control:

• Enable Device Control - Enable or disable device control functionality. If enabled you should specify banned device types in the 'Blocked Devices' section (Default = Enabled)

• Log Detected Devices – If enabled, CCS will log events by external devices (Default = Disabled)

• Show Notifications when devices are being disabled or enabled - Will show an alert whenever an external device is connected or disconnected. (Default = Disabled)

• Blocked Devices – Lists external device classes which are not allowed to connect to the endpoint. Example classes include 'USB Storage Devices', 'CD/DVD Drives', 'BlueTooth Devices' and 'Firewire Devices'.

• Exclusions – Allows you to add specific devices which are exceptions to a blocked class. For example, if you wish block the class 'USB Devices' but wish to allow access for your company's authentication tokens, then you should add those USB tokens as exceptions.

General Navigation:

Clicking the handle at the bottom of the interface opens the following controls:

• Add - Allows the user to Add a new device or device class.

• Remove – Deletes the selected device or device class.

• Click 'OK' to save your settings.

To block a device class and specify exceptions:

• Click the handle at the bottom of the interface and then click the 'Add' button.

• This will open the 'Select device classes' screen:

• Choose the type of device you wish to block. For example, USB devices, Bluetooth devices or firewire devices.

• Click 'OK'

If you want to allow access to specific devices that fall within a blocked device class:

• Make sure the external device is connected to the computer

• Click the 'Exclusions' Tab

• Click the handle at the bottom then 'Add'

• Click 'Add existing device' from the options

The 'Select devices' screen will be displayed:

• Click the '+' sign of the class to which your device belongs

• Select the device(s) you wish to exclude

• Click 'OK' in the screen and again 'OK' in the 'Advanced Settings' interface.

You can also add exclusions by using the wildcard character - ' * '. For example, say you wanted to block all USB storage devices apart from a specific type of SANDISK devices that is used by your company. You could specify a device exclusion ID of 'USBSTORDISK&VEN_SANDISK4C5310*'.

• To add exclusions by using wildcard characters, click the 'Exclusions' tab

• Click the handle at the bottom then 'Add' from the options:
  

• Click 'Add custom device' from the options

• Enter the unique device identifier in the 'Device ID' field, for example to exclude all USB storage devices whose device IDs start with “4C5310”, you could enter: USBSTORDISK&VEN_SANDISK4C5310*

• Click 'OK' in the screen and again 'OK' in the 'Advanced Settings' interface.