
Application and device Control (ADC) with Windows 7

Created: 12 Oct 2012 • Updated: 16 Oct 2012 | 12 comments
This issue has been solved. See solution.

Dear All

I am using SEP 11.x and have configured the ADC function. I see that the device control function has no effect on Windows 7, but on Windows XP it is OK. Example: I banned the use of USB devices => result:

  • For Windows XP: OK, not detected when the user plugs a USB device into the port
  • For Windows 7 or Vista: not OK, the USB device can still be used

Can you help me with this issue?

Thanks/Duy


Ashish-Sharma's picture

As I suspect you may have Windows 7 x64 machines, keep in mind the Application and Device Control module is not compatible with 64-bit environments if you are using SEP 11.0.

The SEP 12.1 Application and Device Control module is, however, compatible with 64-bit systems.

Please refer to the article below:

http://www.symantec.com/docs/TECH102267

https://www-secure.symantec.com/connect/forums/how-block-usb-using-sepm-windows-7

https://www-secure.symantec.com/connect/forums/sep-64bit-os-supported

https://www-secure.symantec.com/connect/forums/64-bit-systems-usb-block

Thanks In Advance

Ashish Sharma

phamduyus's picture

Hi Pete

SEP version used: 11.0.7200.1147

OS: Windows 7 Professional 32-bit Service Pack 1

Thanks/Duy

Ashish-Sharma's picture

Hi,

Check whether the SEP policies are applied or not.

Try to create a new package, install it on one system, and check whether the policy is applied or not.

Check this

After setting up an Application and Device Control policy to block CD writing, CD writing is not blocked as expected, and write attempt is not logged

http://www.symantec.com/business/support/index?page=content&id=TECH104800

Please note that Windows 7 and Vista do not have the process IMAPI.exe; the feature they use is IMAPIv2.0. This feature uses dll files in both Windows Vista and Windows 7. The IMAPI service that existed in Windows XP was not used for Vista and Windows 7. Hence there is no service interfering with 3rd party software that we can disable. However, we can locate and block "launch process attempts" for the associated dll(s).

NOTE: For the Windows 7 OS you can use the following file fingerprint values, as Windows 7 does not use imapi.exe; it uses imapiv2.0. This feature uses .dll files.

*Values listed below are for Windows 7 SP1. Values can change after applying new service packs.

Windows 7 32bit OS:

For imapi.dll file the value is 55d9803fd821c293d97614c39e6603d4
For imapi2.dll file the value is 2d11bc8b460957e62e4420373a0d8bda
For imapi2fs.dll file the value is 7a82634c75cd12efcf43897a2e28ce
 
Windows 7 64bit OS:
For imapi.dll file the value is A259E4991C9C422895B944BEABB9799F
For imapi2.dll file the value is 8B886A0AC14EAA8599142887991A5A2E
For imapi2fs.dll file the value is D47180120A4F8EE4076920DA07577729
 
 

Thanks In Advance

Ashish Sharma
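Because the post above notes that these fingerprint values can change after a service pack, here is an added example (not part of the original post and not Symantec code) that re-checks the DLLs on a client against the posted Windows 7 32-bit values before they are relied on in a policy. It assumes the fingerprints are MD5 hex digests; `md5_of` and `audit` are hypothetical helper names, and a value that is not 32 hex digits is reported as malformed rather than compared.

```python
import hashlib
import os
import re
from pathlib import Path

# Values exactly as posted above for Windows 7 SP1, 32-bit.
# The imapi2fs.dll value is 30 hex characters as posted.
POSTED_WIN7_X86 = {
    "imapi.dll": "55d9803fd821c293d97614c39e6603d4",
    "imapi2.dll": "2d11bc8b460957e62e4420373a0d8bda",
    "imapi2fs.dll": "7a82634c75cd12efcf43897a2e28ce",
}

# Assumption: a file fingerprint is an MD5 digest written as 32 hex digits.
MD5_HEX = re.compile(r"[0-9a-f]{32}")


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def audit(directory, expected):
    """Return {file name: 'match' | 'changed' | 'missing' | 'malformed'}."""
    results = {}
    for name, value in expected.items():
        value = value.strip().lower()
        path = Path(directory) / name
        if not MD5_HEX.fullmatch(value):
            results[name] = "malformed"   # cannot be compared with any file
        elif not path.is_file():
            results[name] = "missing"
        elif md5_of(path) == value:
            results[name] = "match"
        else:
            results[name] = "changed"     # e.g. replaced by an update
    return results


if __name__ == "__main__":
    system32 = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
    for name, status in audit(system32, POSTED_WIN7_X86).items():
        print(f"{name}: {status}")
```

A "changed" or "malformed" result means the fingerprint in the policy has to be regenerated from the client's current file before the rule can match.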

.Brian's picture

For Win7, you need to upgrade to SEP 12.1 so it is compatible.

Symantec Endpoint Protection 11.0 compatibility with 64-bit platform

http://www.symantec.com/business/support/index?page=content&id=TECH102143&locale=en_US

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Sumit G's picture

Create a test group and try the policy as per attached document

https://www-secure.symantec.com/connect/downloads/...

Move the Windows 7 clients into the same group and check the result.

If it helps, then implement it in production.

Regards

Sumit G.

Mithun Sanghavi's picture

Hello,

Could you make sure the Network Threat Protection and Application & Device Control are installed on the Windows 7 32 bit machines.

Secondly, also make sure these ADC policies are applied to the same group where these Windows 7 clients reside.

What happens if you disable the UAC on the Windows 7 machines?

Again,  

Here are the Steps to block the USB Drives -

1. First you have to start and log on to “Symantec Endpoint Protection Manager”

2. In the main window | tool bar select: “Policies” | Hardware Devices | right click and ADD

3. In Device Name write “USB Storage” and Device ID “USBSTOR*.*” | OK 

4. Then click inside “Application and Device Control” in the main menu and then right click inside “Application and Device Control” and Edit. 

5. Device Control | Blocked Devices and click Add

6. Select “USB Storage” and click OK

7. Active Notification: Mark: “Notify users when device is blocked”, click “Specify Message Text” ) | add message | OK (c) and click OK.

8. To assign to the policy just click in “ASSIGN”

9. Select the group to be applied and click “Assign”

10. Done. The policy will be updated on all workstation members of this group.

Check these Articles:

How to Block or Allow Devices in Symantec Endpoint Protection

http://www.symantec.com/docs/TECH175220

How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.

http://www.symantec.com/docs/TECH106304

How to block USB Keys with SEP

http://www.symantec.com/docs/TECH106361

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Ashish-Sharma's picture

Hi,

Can you tell us what the solution was?

Your answer may help someone.

Thanks In Advance

Ashish Sharma

phamduyus's picture

Hi all

Before, I configured it as below:

That configuration only took effect on Windows XP. Windows 7 was not affected. I don't know why. Can you explain?

After, I re-configured it as below:

After this configuration, I see it takes effect on both Windows 7 32-bit and Windows XP.

That's my experience, sharing it with you!

Thanks/ phamduyus

Mick2009's picture

"Thumbs up" for adding that information!  &: )

This may also be of help to admins with the same situation / sort of question:

Best Practices for Deploying Symantec Endpoint Protection's Application and Device Control Policies 
Article URL http://www.symantec.com/docs/TECH145973 
 

With thanks and best regards,

Mick