HI,
I dont think with out class ID or device ID you can block / allow a device.
the hardware devices list
Symantec Endpoint Protection Manager includes a hardware devices list. Some devices are included in the list by default. You use the devices when you configure device control.
You can add devices to the list. You cannot edit or delete any default devices.
Devices are identified by a device ID or class ID. You use either of these values to add a device to the list.
Obtaining a class ID or device ID
You can use the Symantec DevViewer tool to obtain either the class ID (GUID) or the device ID. You can use Windows Device Manager to obtain the device ID.
After you obtain a device ID, you can modify it with a wildcard character to indicate a less specific group of devices.
To obtain a class ID or device ID by using the DevViewer tool
On your product disc, locate the \TOOLS\NOSUPPORT\DEVVIEWER folder, and then download the DevViewer.exe tool to the client computer.
On the client computer, run DevViewer.exe.
Expand the Device Tree and locate the device for which you want the device ID or the GUID.
For example, expand DVD-ROM drives and select the device within that category.
In the right-hand pane, right-click the device ID (which begins with [device ID]), and then click Copy Device ID.
Click Exit.
On the management server, paste the device ID into the list of hardware devices.
To obtain a device ID from Control Panel
On the Windows taskbar, click Start > Settings > Control Panel > System.
On the Hardware tab, click Device Manager.
In the Device Manager list, double-click the device.
In the device's Properties dialog box, on the Details tab, select the Device ID.
By default, the Device ID is the first value displayed.
Press Control+C to copy the ID string.
Click OK or Cancel.
Regards
Ajin