Application and Device Control Problem
Updated: 21 May 2010 | 6 comments
I have set up Device control to block storage volumes but to accept imaging devices but it is still blocking our digital cameras. Not sure what I ma doing wrong. We need to allow digital cameras to hook up but we don't want usb flash drives, etc to be accessed.
Discussion Filed Under:
Comments
We are having somewhat the same problem.
We would like to be able to use specific usb keys and not any usb key they bring in. Is there anyway to limit a port per the 'exact' deviceID (not generic)?
Hi,
With the introduction of SEP MR2 now you can select individual devices and enable or block them. For that in the second CD there is a utlity called devviewer.exe. You need to run it in a windows XP pc's and then plug the deice and get the device id. so like this way you need to get the ID of the devices you like to enable. After that go to the SPEM and add those values under the device category. After that go to the specific application and device control policy and enable or disable them.
HTH if no contact me offline I'll share a video. Once I've been given a chance by Symantec employee to upload the training vidoes I've created but due to the file size I cannot upload it.
PS: I hope Symantec will give me a postal address so I can post that CD to them and they can add those files to their FTP or shared location so other users can share the information in it. :smileyhappy:
I ran the device viewer and the id that came up was the same as a disk drive. I don't know if I am missing something. I even tried using device id instead of class id and that didn't work either.
When you plug-in one device to different usb ports will get different hardware id, for example see below.
USB portable HDD plug-in to two different usb ports:
USB Port 1: USBSTOR\DISK&VEN_GENERIC&PROD_USB_DISK&REV_9.02\6&B72E86C&0
USB Port 2: USBSTOR\DISK&VEN_GENERIC&PROD_USB_DISK&REV_9.02\6&1E2C9911&0
Therefore, in order to enable to all usb be able to read the specific usb device, you need to add two device ids into the device profile (SEP Console -> Policy -> Policy Components -> Hardware devices) then add-in the device to "Devices excluded from blocking" session.
Hope you guys understand my explanation.
Here is what I have tried I have plugged the Nikon Coolpix Camera into two different USB Slots and I get the following on both ports:
This is what's listed under disk drives:
Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Device ID: USBSTOR\DISK&VEN_NIKON&PROD_DSC_COOLPIX_L1&REV_\30465386&0
This is what is listed under storage volumes:
Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Device ID: STORAGE\REMOVABLEMEDIA\7&1634DD97&0&RM
From this I know I can't set up using class because these numbers already exist as class for disk drives and storage volumes.
I tried using the device id and it still doesn't work. Sorry I am sure it is something simple I am missing. I really would like to add this as a device to be excluded from blocking without unlocking
Hi elecates,
Do take note of the device id must get from that machine which you want to block. Every machine will have different device id although it is using the same hardware.
For your case, USBSTOR\DISK&VEN_NIKON&PROD_DSC_COOLPIX_L1&REV_\30465386&0 might not appear the same when you plug-in to any machine.
rgds,
beta911
Would you like to reply?
Login or Register to post your comment.