> For the complete documentation index, see [llms.txt](https://eaclouddoc.eauditor.eu/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://eaclouddoc.eauditor.eu/eacloud-docs-en/features/data-loss-prevention/dlp-policies-and-rules/triggers/device-connection.md).

# Device Connection

## Trigger Device connected in DLP policies

Trigger **Device connected** enables monitoring and blocking of hardware device connections to computers within the organization. The trigger operates based on the list of device groups available in Windows Device Manager – selected device types can be fully blocked or allowed for users or devices covered by the rule.

<figure><img src="/files/c858fa6f37a5d4d6f943b39f4287e67bf84a11a9" alt="" width="92"><figcaption></figcaption></figure>

## List of supported devices

The eAuditor system enables monitoring and blocking of the following device types:

* **Storage volume shadow copies** – Supports mechanisms for creating and managing backups and snapshots of storage volumes used by the operating system.
* **Battery devices** – Includes battery-powered devices and power management components such as batteries and power controllers.
* **Biometric devices** – Devices used to authenticate users based on biometric characteristics, such as fingerprints or facial recognition.
* **Bluetooth devices** – Devices communicating wirelessly using Bluetooth technology, e.g., headsets, keyboards, mice.
* **CD-ROM drives** – Optical drives that allow reading (and in some cases writing) of CD media.
* **Graphics cards** – Devices responsible for processing and generating the image displayed on the screen.
* **Floppy disk drives** – Devices used for reading and writing data on magnetic floppy disks.
* **Global Positioning System** – Devices and modules enabling determination of geographic position using GPS.
* **Hard disk controllers** – Controllers that manage communication between the operating system and hard drives and other data storage devices.
* **Human Interface Devices (HID)** – Devices that enable user interaction with the system, such as keyboards, mice, joysticks, and game controllers.
* **IEEE 1284.4-compliant devices** – Devices using the IEEE 1284.4 standard, most commonly used in communication with printers.
* **IEEE 1394 host bus controller** – IEEE 1394 (FireWire) interface controllers enabling communication with high-throughput peripheral devices.
* **Imaging devices** – Devices intended for capturing images, such as cameras, scanners, and digital cameras.
* **IrDA devices** – Devices using infrared communication according to the IrDA standard.
* **Keyboards** – Input devices used for data entry and system control.
* **Media changers** – Devices that enable automatic swapping of data or media carriers, e.g., disc changers.
* **Modems** – Devices used for transmitting data between the system and the telecommunication network.
* **Mouse** – A pointing device that enables cursor control and interaction with the system graphical interface.
* **Multifunction devices** – Complex devices combining multiple functions, e.g., printing, scanning, and copying.
* **Multimedia** – Devices and components responsible for handling audio and video in the operating system.

## Principle of operation

Activating the trigger results in a configuration change for the selected device groups. Any attempt to enable or disable devices in the specified group from Device Manager results in a rule violation, which may trigger specific actions, e.g., screen recording, log entry, notifications, etc.

For each device group there are three possible settings available:&#x20;

* **Ignore (gray)**
* **Always allow (green)**
* **Always block (black)**

<figure><img src="/files/1733e27b47d9e2c50a54ccec170d1997985ff783" alt=""><figcaption></figcaption></figure>

### **Ignore (gray)**

* Does not enforce any changes – the user can locally modify rules in Windows.
* Connecting devices does not affect the DLP policy.

### **Always allow (green)**

* Devices from the given group may be connected.
* Attempts to locally disable availability for this group are blocked and logged.
* Connecting the device does not trigger any actions or system log entries.

### **Always block (black)**

* Does not allow local unlocking of devices.
* Every attempt to change settings is logged and blocked.
* Devices connected from the given group are immediately blocked.

## Practical application

#### **Blocking all USB devices on the production floor**

**Objective:** Ensure that no external CD-ROM drives and Bluetooth devices are used on the production floor.

**Configuration:**

1. Select device types: **CD-ROM drives** and **Bluetooth devices.**
2. Set the rule to **Always block** (black switch) – all specified devices will be blocked.

<figure><img src="/files/236623e4ad6e58618d9afedc3b99473f023b7e09" alt="" width="293"><figcaption></figcaption></figure>

**Result:**

* No device whose type was specified in the rule will be detected on computers covered by the rule.

## Summary

Trigger **Device connection** is a flexible tool for managing device availability within the organization. With a broad list of supported devices and straightforward configuration of blocking options, the rule enables effective protection of IT resources against unauthorized hardware use.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://eaclouddoc.eauditor.eu/eacloud-docs-en/features/data-loss-prevention/dlp-policies-and-rules/triggers/device-connection.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.