Help Center
Quick Start
- Overview
- System requirements
- Minimum privileges required
- Default port configuration
- Installing DataSecurity Plus
- Uninstalling DataSecurity Plus
- Starting DataSecurity Plus
- Launching DataSecurity Plus
- Configuring your solution
- Licensing details
- Applying a license
File Auditing
- About File Auditing
- Domain configuration
- File server configuration
- Failover cluster configuration
- NetApp server configuration
- Nutanix server configuration
- Workgroup configuration
- Amazon FSx configuration
Setting up File Audit
Dashboard
Reports
Alerts
Configuration
Storage Configuration
File Analysis
- About File Analysis
- Domain configuration
- File server configuration
- Workgroup configuration
- SMB File Server Configuration
- On-Demand Reports
Setting up File Analysis
Dashboard
Reports
Alerts
Configuration
Data Risk Assessment
- About Data risk assessment
Setting up Data risk assessment
Dashboard
Reports
Ownership analysis
Configuration
Endpoint DLP
- About Endpoint DLP
Setting up Endpoint DLP
Reports
Alerts
Prevention policies
Configuration
Cloud Protection
- About Cloud Protection
- Gateway Server Installation Steps
- Gateway Configuration in Endpoint
- Gateway Cluster Configuration
- Gateway Server Management
- Certificate Authority Configuration
- Two-way SSL configuration
- Manage Certificate Trust Store
- Threat Analytics Database
- Manage Banned Applications
- Manage Authorized Applications
- Regenerating gateway server access key
- Updating gateway server
- Gateway Server Failover
- Load Balancer Configuration
- Global Insight
- Application Insight
- User Insight
- Shadow Application Insight
- Banned Application Insight
- Cloud App Discovery
- File Upload & Download Reports
- Control Policy reports
- General Reports
- Application Insights
- Shadow Domain Insights
- Banned Domain Insights
- GenAI Insights
Setting up Cloud Protection
Dashboard
Reports
Control Policies
Storage Configuration
Administrative settings
- Technician configuration
- Notification filters
- Manage agent
- Agent settings
- SIEM integration
- Business hours configuration
- Two-factor authentication
- Workgroup configuration
- Security policy
Email configuration
General settings
- Connection
- Personalize
- DataSecurity Plus Server
- Privacy Settings
- Disk utilization
- Schedule Retention Policy
Release notes
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
Troubleshooting
- HTTP communication failure
- Dormant DataEngine
- Secure Gateway server failure
- RPC communication failure
- Cloud Protection Gateway server failure
- Known issues and limitations
- Known errors and solutions
- Report discrepancy in File Analysis
Guides
- Agent document
- How to Migrate/Move DataSecurity Plus
- How to apply SSL certificate
- How to automate DataSecurity Plus database backup
- How to set alerts in DataSecurity Plus
- How to secure your DataSecurity Plus installation
Device Restriction
Device Restriction profiles let you restrict access to USB devices, Bluetooth peripherals, Wi-Fi adapters, and CD/DVD drives across managed endpoints. The restrictions are enforced through Group Policy and applied across all endpoints associated with the policy.
For USB devices, you can deny:
- Read access.
- Write access
- Execute access.
For bluetooth devices, Wi-Fi adapters, and CD/DVD drives, access can be either:
- Fully allowed.
- Completely blocked.
If you require more granular USB device control, such as defining the scope of policy enforcement or creating allowlists or blocklists of USB devices, use Removable Storage Control policies instead.
Configuring a Device Restriction profile
Follow the steps below to create a new Device Restriction profile:
- Select Endpoint DLP from the apps drop-down.
- Go to Configuration > Global Restriction Profiles > Device Restriction.
- Click + Add New Profile in the top-right corner.
- Enter a Name and a Description.
- Select the USB actions that you wish to restrict:
- Deny Read Access: Prevents users from reading data from USB devices.
- Deny Write Access: Prevents users from writing data to USB devices.
- Deny Execute Access: Prevents users from executing files directly from USB devices.
- Deny All Accesses: Applies all three restrictions above at once.
- Select Allow or Block for Bluetooth, WiFi, and CD/DVD Drive.
- Click Save.
- Enforce the Device Restriction profile on endpoints by mapping it to the corresponding DLP policy.
Note: Blocking Wi-Fi disables the network adapter entirely. Blocking Bluetooth disables all Bluetooth functionality, including audio devices and peripherals.
Note: If multiple Device Restriction profiles are mapped to the same DLP policy, or if a Device Restriction profile and a Removable Storage Control policy are both active for the same endpoint, the more restrictive setting takes precedence.
Mapping Device Restriction profiles to endpoints
To enforce Device Restriction on endpoints, created profiles have to be mapped to the DLP policy linked to the targeted endpoints.
Follow the steps below to map device control profiles to endpoints:
- Select Endpoint DLP from the apps drop-down.
- Go to Configuration > DLP Policies.
- Select the DLP policy that is linked to the endpoints to which you wish to apply the Device Restriction profile.
- Under Global Restriction Profiles, click Device Restriction.
- Select the Device Restriction profile you wish to enforce on endpoints.
- Click Save to update the Device Restriction policy.
Blocklisted devices migration
If you previously configured device blocklists on this page, those devices have been migrated to Removable Storage Control as a custom list. They are not automatically set to blocked, as their enforcement depends on how your Removable Storage Control policy is configured. To view and manage that custom list, refer to the Removable Storage Control help page.