Endpoint Protection

 View Only

  • 1.  Application and Device Control

    Posted Jan 21, 2016 01:26 PM

    How would I block all usb access and still allow iphones to Synch along HID devices such as printers keyboard etc. is this a possibility?

    I understand that we can use application control to allow read only access and then phones would Synch. But we want to BLOCK USB Thumbdrives and Hard drives, but still allow HID devices.



  • 2.  RE: Application and Device Control

    Posted Jan 21, 2016 01:30 PM

    Did you try grabbing the Device ID and adding as an exclusion?



  • 3.  RE: Application and Device Control

    Posted Jan 22, 2016 12:28 AM

    try this

    How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection (SEP).
    https://support.symantec.com/en_US/article.TECH106304.html



    • 4.  RE: Application and Device Control

      Posted Jan 22, 2016 04:49 AM

      See this article if it helps.

       

          How to block USB Devices, Excluding the Mouse and Keyboard, in the SEP Manager



    • 5.  RE: Application and Device Control

      Posted Feb 01, 2016 03:36 PM

      I have the ability to block "ALL" usb's and my iPhone will still charge, sync, and load iTunes in addition to printers. 

      Follow these steps and see if this works for you.....

      click on Policies/Applciation and Device Control

      If you already have a policy created, highlight the policy and click on policy components and add "Hardware Devices"  and click on "Add a Hardware Device".  Title the device you wish to block and enter the device ID.  To BLOCK ALL USB's I entered "USBSTOR*  This means Symantec will block ALL USB from any vendor.  You can locate the device ID by downloading the DevViewer and select the device you wish to block. 

      https://www-secure.symantec.com/connect/downloads/devviewer-tool-helpful-application-and-device-control-find-hardware-device-id-and-guid

      After entering the Hardware Device info go back to policies/application and device control and double click the policy you are using.  Click on Device Conrol and select add.  Here you will select the hardware device you created with the identification of USBSTOR*.  Block in Devices Excluded from Blocking select add and search from human interface devices for mice, joy sticks and select printers to enable these devices o work. 

      I would also recommend adding a Notification test message to display to help you ID which policy is working correctly. 

      I hope this help!


      Good Luck!