How to block USB flash drives while allowing other USB devices.

Article:TECH104299  |  Created: 2008-01-28  |  Updated: 2012-02-21  |  Article URL http://www.symantec.com/docs/TECH104299
Article Type
Technical Solution


Issue



How do you block USB flash drives while allowing other USB devices?

Symptoms
When blocking USB devices in the application and device control policy, it also blocks other devices that are dependent on (commonly floppy drives and hard drives).

 


Cause



When adding any device in the "Blocked Devices" column, it by default blocks other devices that are dependent on that device.


Solution



In the Symantec Endpoint Protection Manager, open Policies, then click Application and Device Control.

  1. Open an existing policy or click Add an Application and Device Control Policy.
  2. Click on the Device Control tab.
  3. Under the Blocked Devices section click the ADD button and select the USB option.
  4. Click the ADD button under Excluded from Blocking and select, one by one, all of the other devices that use USB that should not be blocked (eg: pointing devices, keyboard, cameras, joysticks, HDD, etc. )
  5. Click OK to save the changes and assign policy.


Warning: Failure to add device exclusions for critical system devices may lead to system instability or blue screens. Some disk controllers may be addressed using a USB bus and will be blocked, possibly blocking SAN and iSCSI devices. Please test all policies before use in a production environment.



Legacy ID



2008022822274348


Article URL http://www.symantec.com/docs/TECH104299


Terms of use for this information are found in Legal Notices