This section describes features for tracking and control of storage devices detected on computers running the Carbon Black App Control Agent.

Carbon Black App Control enables you to track fixed and removable storage devices on agent-managed Windows and Mac computers, and to control file operations that users can perform on those removable devices. Carbon Black App Control device management consists of the following:

  • Policy-specific device control settings determine whether Carbon Black App Control rules control write and execute operations on devices connected to computers in a policy, and whether this control applies to unapproved devices, banned devices, or both.

  • Device-specific rules allow you to explicitly approve or ban specific removable devices, either by model or by individual device (defined by serial number), so that files can be written or executed on approved devices while banned or unapproved devices may be restricted by your policy settings. The behavior of these approval and ban rules is similar to the behavior of file approvals and bans in Carbon Black App Control.

  • Device inventory tables show each device discovered by a Carbon Black App Control Agent and make it possible for you to implement the device-specific rules. This inventory includes a list of device models, a list of individual devices, and a list of unique attachments of an individual device to an individual computer. You can drill down on any instance in these lists.

Throughout this section, the term individual device means one specific device that can only be attached to one computer at a time. Generally, this means a specific model plus a unique serial number (at least unique for that model).
Important: There are scenarios where a device with the same serial number can be connected to multiple machines. For example:
  • VMs can have virtual disks with the same serial number, especially if they're from the same template.
  • USB sticks are often used in multiple machines, especially in an office environment.

Tip: The Computer Count field will be greater than 1 if an individual serialized device is used on more than one computer.

Note:

All device visibility and control features are available for computers running Windows agents, including the agents built into all recent server releases.

Device management features are not currently available for Linux computers.