Advice on how to block USB Storage Devices
Hi
I am looking to set up a policy which will block all USB storage devices for around 2500 users. The users will be able to use devices which have been allowed by the IT dept adding them to the exclusion list, but I am unsure of the best way of doing this.
I think the best way is to block the class ID / GUID (to block all devices); then, once we check the devices on a standalone, they will be added to the exclusion list using the device ID.
The more I read into this, though, it looks like there is a big possibility of blocking HDDs on PCs, which will cause them to reboot constantly. I have also been told that we can get round this by adding the class ID from the HDDs to the exclusion list, but we currently have 4 different Dell PCs, 2 Lenovo and 2 HP. We also replace older PCs twice a year, which means different models yet again; this means we will have to keep adding class IDs to the exclusion list.
Comments
Title: 'How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.'
Document ID: 2008102008020548
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008102008020548?Open&seg=ent
Title: 'Why does Application and Device Control sometimes block USB Mass Storage Devices?'
Document ID: 2009040311291948
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009040311291948?Open&seg=ent
Title: 'How to block USB flash drives while allowing other USB devices.'
Document ID: 2008022822274348
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008022822274348?Open&seg=ent
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
Thanks Prachand, but I have already read these guides and still need to know the following:
1. How to block all USB storage devices on every PC without blocking any HDDs in the PCs
2. Adding the Device ID of the USB storage devices which will be added into the exceptions list in the future; all I can do just now is add a class ID
In the device control policy:
Block -- all USB drives
Exception -- Human Interface devices.
Now all USB flash drives will be blocked. If there are any you want to allow, add a device for that in the exceptions.
For Device ID we also support the use of wildcards "*" and "?":
• Asterisk (*) means zero or more of any character
• Question mark (?) means a single character of any value
Examples:
• Any USB storage device: USBSTOR*
• Any USB disk: USBSTOR\DISK*
• Any USB SanDisk drive: USBSTOR\DISK&VEN_SANDISK*
• Specific SanDisk device: USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0
• Specific Kingston device: USBSTOR\DISK&VEN_KINGSTON&PROD_DTSECURE_PRIVACY*
https://www-secure.symantec.com/connect/forums/device-controlcan-i-use-wildcard#comment-2228781
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
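An added example (not from the thread and not Symantec code) for dry-running a block pattern and an exception list against collected device IDs before rolling the policy out, using the wildcard rules from the reply above. It assumes matching is case-insensitive and covers the whole ID, and that an exception overrides a block; apart from the SanDisk ID quoted in the reply, the sample IDs (including the SCSI\ prefix for an internal disk) are constructed.

```python
import re

def wildcard_to_regex(pattern):
    """Translate the two wildcards from the reply: * = zero or more chars, ? = exactly one."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # backslashes, '&' and '.' are literals in device IDs
    # Assumption: case-insensitive comparison against the whole ID.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def matches(device_id, patterns):
    """True if the device ID fully matches at least one wildcard pattern."""
    return any(wildcard_to_regex(p).fullmatch(device_id) for p in patterns)

def decide(device_id, blocked, exceptions):
    """Assumption: an exception match takes precedence over a block match."""
    if matches(device_id, exceptions):
        return "allow (exception)"
    if matches(device_id, blocked):
        return "block"
    return "allow (not matched)"

BLOCKED = [r"USBSTOR*"]
EXCEPTIONS = [r"USBSTOR\DISK&VEN_KINGSTON&PROD_DTSECURE_PRIVACY*"]

SAMPLE_IDS = [
    # Quoted in the reply above
    r"USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0",
    # Constructed samples below
    r"USBSTOR\DISK&VEN_KINGSTON&PROD_DTSECURE_PRIVACY&REV_1.00\CONSTRUCTED0001&0",
    r"SCSI\DISK&VEN_CONSTRUCTED&PROD_INTERNAL_SSD\4&CONSTRUCTED&0&000000",
    r"HID\VID_0000&PID_0000\CONSTRUCTED",
]

def audit(ids=SAMPLE_IDS):
    """Return the verdict for each device ID under the block and exception lists."""
    return {d: decide(d, BLOCKED, EXCEPTIONS) for d in ids}

if __name__ == "__main__":
    for dev, verdict in audit().items():
        print(f"{verdict:20} {dev}")
```

Feeding it the device IDs collected from each PC model shows in advance whether any internal disk would fall under a block pattern.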
Thanks