Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 00:00:07 - 00:04:19 In addition to anti-malware protection, Kaspersky Endpoint Security Cloud features control components that prohibit specific actions capable of harming the computer or the company's business. Device control limits the use of devices connected to the computer according to the configured rules. Web control restricts access to websites depending on their content. Application control allows or prohibits running of selected programs on computer. Kaspersky Endpoint Security for windows can not only detect and block threats, but also control user's actions. Kaspersky Endpoint Security for windows can block attempts to connect various devices to the computer, such as removable drives, modems, printers, and so on. Companies may want to prohibit the use of removable drives because they may contain malicious files and are difficult to control. It makes sense to block removable drives to improve security and to reduce the risk of information leakage. Sometimes, management protects the company from possible leaks by prohibiting not only external drives, but also printers, scanners, cameras, modems, and network adapters. Device control allows you to implement and administer such prohibitions. Device control pertains to the management settings within a security profile. Click the settings link under rules for Blocking Device Categories. To open the list of device categories that you need to prohibit on the computers. By default, all devices are allowed to prohibit a device type. For example, removable drives change the value in the access column from allow to block and save the settings. Device control is disabled by default, enable it and save the changes. As soon as a computer receives these settings, the users will no longer be able to use prohibited devices. Kaspersky Endpoint Security will block such a device upon connection and display the respective information message. However, blocking all devices without distinction may be counterproductive, since some employees may need removable drives for their work to prevent blocking specific devices. Make them trusted to make a device trusted. First, you need to find out its ID. The easiest way is to let Kaspersky Endpoint Security block such a device, find the blocking event, and copy the device ID from it. If a user sends a device unblock request, it will also contain the device ID to add a device to exceptions. Open the Device Control settings and click settings below. Exclusions from Device Control. Click add and select the name of the exception. Enter the device ID and if you want to add a comment, click okay and then save. As soon as the computer receives the updated security policy, the specified device will not be blocked since it is included in the list of exceptions. If you no longer trust a device, simply delete it from the list. In addition to its main functionality that we described earlier, Web Control can block banners, which speeds up web browsing and reduces the risk of computer infection since banners may contain malicious links. Web control pertains to the management settings within a security profile. By default, web control is disabled by changing access mode. You can either allow access to all sites except those prohibited, or deny access to all sites except those allowed to ban. Social networks you need to create a new rule. Click the plus Add button. Name the rule. Select the category of sites in an action. Allow block. Warn a message that the users should not visit. This site will be displayed every time when they try to open a social network. If a site is blocked, a user trying to open it will simply see that the website is not accessible. Application control enables you to centrally allow or prohibit specific programs on computers. You can find its settings in the app control section of a security profile. Application control is disabled by default. This component can either prohibit the launch of all programs except those that are allowed, or allow the launch of all programs except those that are prohibited. In either case, you will need to draw up a list of applications. Pre-set categories are available for your convenience. Select the necessary categories and add them to your list. Another method is to specify the path to the executable file that you want to include in the list. Additionally, you can prohibit the launch of any applications from removable drives. Click save to apply the settings.4461