You can define additional security parameters that affect
permissions and audit rules for protocols.
DeviceLock supports these additional security
parameters:
Block unrecognized outgoing SSL
traffic - if enabled, allows DeviceLock Service to audit and
block all unrecognized outgoing SSL traffic. Otherwise, even if the
protocols are locked, all unrecognized outgoing SSL traffic is not
blocked and audit is not performed for it.
Block IP addresses in URL -
if enabled, allows DeviceLock Service to block all URLs containing
the host IP address when users have "allow access" permissions for
a protocol. Use this setting to block access to sites (for example,
Facebook) that can be accessed using an IP address. This setting
applies to the following protocols: HTTP, Social
Networks, and Web Mail. By default, the setting is
disabled.
Audit and shadow copying for URLs
containing the host IP address are performed at the HTTP level. If
Block IP addresses in URL is disabled but users have "deny access"
permissions for a protocol, all URLs containing the host IP address
are also blocked.
NOTE: If Block IP addresses in
URL is enabled and specific host IP addresses are allowed by the
Protocols White List, these IP addresses will not be blocked. The
Protocols White List settings override Security Settings for
protocols.
Block proxy traffic - if
enabled, allows DeviceLock Service to audit and block all traffic
that flows through a proxy server. The following proxy servers are
supported: HTTP, SOCKS4, and SOCKS5.
Block network if BFE service is
stopped (Windows 8 and later) - if enabled, tells DeviceLock
Service to block all network traffic when the Base Filtering Engine
system service is stopped. If this parameter is disabled and the
Base Filtering Engine system service is stopped, NetworkLock is
unable to control the network traffic on Windows 8 and later
systems. This parameter is ignored if there is no NetworkLock
policy defined.