
Application and device control policy issue

Created: 16 Dec 2013 • Updated: 17 Dec 2013 | 11 comments
This issue has been solved. See solution.

Dear All,

I have created a policy in SEPM 12.1.4 to block USB and allow some data cards, but it is not working properly. After applying this policy, all web cameras get blocked, and even some scanners and printers are blocked.

I have already excluded all printers and data cards (Vodafone 3G, MTS, Tata Photon, etc.) by device ID.

It is also very difficult to provide the device IDs of all printers, data cards and scanners.

Is there any way to allow all printers by providing a single device ID or class ID?


.Brian's picture

Each manufacturer may have a different ID; there really isn't a clean cut solution for this. You can use DevViewer to get the ID and exclude using a wildcard.

Symantec Endpoint Protection Device Control: excluding devices from blocking show inconsistent results

http://www.symantec.com/docs/TECH145804

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

pete_4u2002's picture

The DevViewer tool can tell you the class ID for the ones that are not present in SEPM.

.Brian's picture

Open DevViewer and it will show you. You can see it here:

DevViewer - a tool for finding hardware device ID for Device Blocking in Symantec Endpoint Protection

Article:TECH103401  |  Created: 2007-01-19  |  Updated: 2011-12-28  |  Article URL http://www.symantec.com/docs/TECH103401

Obtaining a class ID or device ID

Article:HOWTO80755  |  Created: 2012-10-24  |  Updated: 2013-10-07  |  Article URL http://www.symantec.com/docs/HOWTO80755

 


raju123's picture

GUID is the class ID; you can add it using DevViewer.

Shukla_A_14's picture

You mean GUID means class ID?

That means if I select the GUID for an HP printer, then it will allow all HP printers?

.Brian's picture

It will only allow for that specific device.

Shukla_A_14's picture

It will be very difficult for all HP scanners; it means I have to add the class ID for all scanners, printers and data cards too.

Is there any way to add a single class ID for all HP printers, all Tata Photon data cards, etc.? There are lots of scanners and printers in my office, and it is not possible to add them one by one by class ID or device ID.

.Brian's picture

If they have a similar ID then you can use a wildcard, for example *hp* or something similar to that.

There is no option to add in bulk though.

SEPM already has a predefined set of hardware device IDs, although I don't see anything specific to an HP printer.

Your best bet is to use a wildcard * to define an entire dataset and see if this works.

raju123's picture

You can add the device ID of the HP printer till rev., and after that add the asterisk (*) sign.

http://www.symantec.com/avcenter/security/ADC/Configuring_Application_Control_1.1.pdf

*Edit*

E.g. - USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0

Choose till - USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO* (add *)

For more reference:

https://www-secure.symantec.com/connect/articles/how-block-or-allow-devices-symantec-endpoint-protection

SOLUTION
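An added example, not part of the thread and not SEP's own matching engine: a dry-run check of what the wildcard exclusions discussed above would let through before the policy is deployed. It assumes `*` matches any run of characters, case-insensitively; every device ID except the SanDisk one quoted in the thread is a constructed placeholder, and the function names are hypothetical.

```python
import re

# Constructed inventory: (label, device instance ID). Only the first ID is
# from the thread; the rest are made-up placeholders for illustration.
INVENTORY = [
    ("cruzer rev 2033", r"USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0"),
    ("cruzer rev 8.02", r"USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_8.02\CONSTRUCTED0001&0"),
    ("hp printer", r"USBPRINT\HEWLETT-PACKARDHP_LASERJET_CONSTRUCTED\CONSTRUCTED0002"),
    ("hp flash drive", r"USBSTOR\DISK&VEN_HP&PROD_CONSTRUCTED_FLASH&REV_1.00\CONSTRUCTED0003&0"),
    ("webcam", r"USB\VID_0000&PID_0000\CONSTRUCTED0004"),
]

def wildcard_to_regex(pattern):
    """Assumed semantics: '*' matches any run of characters, case-insensitive."""
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(".*".join(literal_parts), re.IGNORECASE)

def excluded_by(pattern, inventory=INVENTORY):
    """Labels of the devices a single exclusion pattern would let through."""
    rx = wildcard_to_regex(pattern)
    return [label for label, dev_id in inventory if rx.fullmatch(dev_id)]

def over_matches(pattern, intended, inventory=INVENTORY):
    """Devices the pattern excludes from blocking that were not meant to be."""
    return [label for label in excluded_by(pattern, inventory) if label not in intended]

if __name__ == "__main__":
    checks = [
        (r"USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO*", {"cruzer rev 2033", "cruzer rev 8.02"}),
        ("*hp*", {"hp printer"}),
        (r"USBPRINT\*", {"hp printer"}),
    ]
    for pattern, intended in checks:
        print(f"{pattern!r}: allows {excluded_by(pattern)}, unintended {over_matches(pattern, intended)}")
```

On this constructed inventory the product-level pattern covers every revision and serial of the one model, while `*hp*` also lets through an HP-branded storage device that a USB block policy was meant to stop.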