Video Screencast Help

ADC Mass Storage Dilemma's

Created: 19 Oct 2012 | 6 comments

We currently run a ADC (specifically Application Control) policy to stop read and write to USB Mass Storage as filtered Device ID USBSTOR*. I have found that with more and more users using smart phones or phones that have a storage device to store data and have moved away from using the traditional Thumb drive type devices. This is a problem when you are using SEP to control mass storage as the mobile devices are detected by the OS as different devise ID's. These devices are not always detected as USBSTOR devices in device manager this makes SEP's ADC policy redundant. Some are detected as portable devices with unique device ID's. 

Not wanting to invest time and money in creating rules for all differing variants on Mobile device I was wondering if anyone else has come across this and what your experiences are with mobile device storage? Have you moved away from SEP for this Device control, are you using multiple tools to control Mass Storage devices (e.g. Windows Group Policy, DLP agents and SEP...)? 

Our goal is to stop malicious data theft and accidental data lose. 


Discussion Filed Under:

Comments 6 CommentsJump to latest comment

consoleadmin's picture


I am using the below USB class id to disable all type of the USB Storage included Mobile

USB Class: {36fc9e60-c465-11cf-8056-444553540000}


Chetan Savade's picture


Refer this thread

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Jamit's picture

Hi All, thanks for your responces they have been a great help. I am developing and testing some new rules now. 

Ian_C.'s picture

I'll have to bookmark these links.

Please mark the post that best solves your problem as the answer to this thread.
Simpson Homer's picture

In reference to Mobile Device Security, what security can be planned with respect to personal mobile phones used by employees in software development environment?

A mandatory security policy in the company that requires all employees to check their cell phones in at the front desk when in the building is one possible measure.  This is not popular but then again there is always a trade-off between convenience and security.  I know of companies that have put such a policy in place effectively. 

If you are concerned that employees could copy proprietary information (source code, etc) onto the storage that is within their mobile phones, you could create a Application and Device Control (ADC) rule in Symantec Endpoint Protection to block them.

Smart phones and Application and Device Control in Symantec Endpoint Protection 11.0(

Please do elaborate on other concerns!  Mobile Device security is an area where I have a bit of experience.