Endpoint Protection

This instruction is used to block ActiveSync and PC Suite by using SEP’s Application and Device Control Policy.

You may need two additional tools. One is System Explorer (can be downloaded from http://www.systemexplorer.net/download.php). This tool is used to detect the Device Class ID of the ActiveSync and PC Suite. The other is DevViewer (the DevViewer locates on SEP’s DVD in the /Tools/NoSupport/DevViewer folder). This tools is used to check the Device ID of the attached smart phone.

Steps

Find out the device class ID

On the Application and Device Control Policy, we use Hardware Device Class ID and Hardware Device ID to identify the target device in Windows OS. Our first step to block ActiveSync and PC Suite is to find out the device class ID of these two application. We take PC Suite for example on the below steps.

1. Before the installation of PC Suite, launch System Explorer. Choose ‘Snapshots’ under ‘Tools’ on the left panel, then click ‘Create Snapshot’ on the right panel. 
2. Install PC Suite. 
3. Launch System Explorer, create the second snapshot.    
4. Check these two snapshot, then click ‘Compare Snapshots’.       
5. Find out newly created Registry Key after the installation of PC Suite. Write down the Device Class ID for later use.  

Notes:The Device Class ID of PC Suite and ActiveSync are the same on different Windows machine.

For PC Suite, the Device Class ID is:

{4F919108-4ADF-11D5-882D-00B0D02FE381}

For ActiveSync, the Device Class ID is:

{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}

Configuration of the Application and Device Control Policy

On the Application and Device Control Policy, we use Hardware Device Class ID and Hardware Device ID to identify the target device in Windows OS. Our first step to block ActiveSync and PC Suite is to find out the device class ID of these two application. We take PC Suite for example on the below steps.

1. Log into SEPM Console.
2. From ‘Policies’ -> ‘Policy Components’ -> ‘Hardware Devices’, click ‘Add a Hardware Device’, input the Device Name, and input the Class ID of the PC Suite.
3. Add this new Device into the Application and Device Control Policy of the client.
4. The PC Suite will be blocked on the client machine.
5.  If you just want to block someone’s Nokia mobile phone, and allow others’, you can add the Device ID into the allow list of Application and Device Control Policy.