How to create a rule that will allow only specific USB’s on to your network.

Article:TECH92943  |  Created: 2009-01-18  |  Updated: 2010-01-12  |  Article URL http://www.symantec.com/docs/TECH92943
Article Type
Technical Solution


Environment

Issue



You want to create a policy that will allow a specific list of usb drives.


Solution



Adding external USB drives to the Hardware Devices list

1. Open the Symantec Endpoint Protection Manager
2. Click on Policies
3. Expand Policy Components
4. Click on Hardware Devices
5. Click Add a Hardware Device...
6. In the field Device Name: usbstorage Note: This can be anything
7. Choose Device ID: USBSTOR\* (Note: This must be all capital letters and must be spelled correctly)
8. Click OK

How to add USB by device ID

On the Symantec_Endpoint_Protection_11.0.XXXX.XXX_MRX_AllWin_EN_CD2.xxx you will find the TOOLS/NOSUPPORT/DEVVIEWER. Download the DevViewer.exe file.

1. Place a USB thumb drive in the USB port
2. Open the DevViewer utility
3. Expand Disk drives in the DevViewer
4. Select USB Flash Memory USB Device
5. In the right hand panel under USB Flash Memory USB Device right click in the panel and choose Copy Device ID.
6. Open the Symantec Endpoint Protection Manager
7. Click on Policies
8. Expand Policy Components
9. Click on Hardware Devices
10. Click Add a Hardware Device...
11. In the field Device Name: Allow USB (Note: This can be anything)
12. Choose Device ID: and paste the device id for the USB in the field
13. Click OK



How to create a rule that will allow only specific USB’s on to your network.
    1. Click on Application and Device Control
    2. Edit Application and Device Control
    3. Highlight Application Control
    4. Check the box next to Block writing to USB drives
    5. Choose Edit
    6. Under the Rules column choose Add > Add Condition File > Folder Access Attempts
    7. The File and Folder Access Attempts Folder Access Attempts must be highlighted
    8. On the Properties tab Enable this rule should be checked
    9. Under Apply this rule to the following files and folders:
    10. Click Add
    11. In the File or Folder Name To Match field type *
    12. Use wildcard matching(* and ? supported) should be checked
    13. Check the box Only match files on the following device id type
    14. Choose Select button
    15. Browse to the Device Name: usbstorage (Note: this may have been named something else based on your naming convention)
    16. Click OK
    17. Under do not apply to the following files and folders choose Edit
    18. In the File or Folder Name To Match field type *
    19. Use wildcard matching(* and ? supported) should be checked
    20. Check the box Only match files on the following device id type
    21. Choose Select button
    22. Browse to the Device Name: Allow USB (Note: this may have been named something else based on your naming convention)
    23. Click OK
    24. Select the Actions tab
    25. In the Read Attempt column choose Block access – ( Note: Enable logging if you would like to log the attempts)
    26. Check the box Notify User:
    27. Create a notification by typing something in the field Note: this can be what ever you want
    28. In the Create, Delete, or Write Attempt column choose block access
    29. Check the box Notify User:
    30. Create a notification by typing something in the field Note: this can be what ever you want
    31. Click OK
    32. Click OK again
    33. Apply to the groups you want to associate this policy with
    34. Reboot clients

    Note: This will work on a 32bit server but will not work on a 64bit server but all features must be installed. AntiVirus and Antispyware, Proactive Treat Protection, Network Threat Protection


    Note: This will work on all workstations but all features must be installed. AntiVirus and Antispyware, Proactive Treat Protection, Network Threat Protection


    References

    Title: 'How to block programs extensions from running from removable drives.'
    Document ID: 2009020313373948
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009020313373948?Open&seg=ent




    Legacy ID



    2009031809381448


    Article URL http://www.symantec.com/docs/TECH92943


    Terms of use for this information are found in Legal Notices