You want to block USB Storage Devices using an Application policy,

Article:TECH92447  |  Created: 2009-01-18  |  Updated: 2009-01-25  |  Article URL
Article Type
Technical Solution



You want to know how to block USB storage devices using only an application policy and not a device control policy.


1. Create a new device id for the usb storage devices.
      a. Go to Policies --> Policy Components.
      b. Add a new device id. Select device id radio button, and put in USBSTOR\*
2. Add a new rule for your application and device control policy.
      a. In the application and device control policy, select the application policy. Click add.
      b. Add an * for apply to this process.
      c. Add a new "File and Folder Access Attempts" condition.
      d. Add an * for apply to the following files or folders. Also choose to "Only match files on the following device id type"
      e. Click select at the bottom right. Choose your new device id. Click OK.
3. Click the Actions tab for the "File and Folder Access Attempts" condition.
4. Choose to block access to read attempts and create, delete, or write attempts.
5. Enable logging if needed and notifications.
Apply this policy to the group that you want to block all usb storage devices.

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices