Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrade.
Please accept our apologies in advance for any inconvenience this might cause.

Block USB Drives

Created: 25 Jun 2012 • Updated: 26 Jun 2012 | 7 comments
This issue has been solved. See solution.

This should be a lot easier than I am making it.

 

I am trying to block all removeable USB drives except one. I've created an Application and Device Control policy and under the Device Control area I added "Disk Drives" to the Blocked Devices list.

 

Under the Devices to Exclude From Blocking I added the Device ID (WPDBUSENUMROOT\UMB\2&37C186B&3&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SDG&PROD_005M&REV_1.00#12345678900000001890&0#) of the particular USB Drive I want to allow. I assigned the policy to a group, moved a test machine into it, and it successfully blocks all the USB Drives I plug in, INCLUDING the drive listed in the "Exclude From Blocking" list.

 

I'm using SEP 12.1 RU1 and any help you can offer as to how to allow the device to work would be greatly appreciated.

Comments 7 CommentsJump to latest comment

pete_4u2002's picture

has the client taking the policy assigned for this group?

 

Matthew Anthony's picture

Yes, the two clients I have moved into the test group both have the latest policy. The Policy is actually blocking all the USB Drives I plug in to the systems, I just need to get it to exclude the one USB drive I've listed in the Exclude From Blocking List.

pete_4u2002's picture

the usb you plugging in , does that show same device id?

How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.

http://bit.ly/uTVdha

http://www.symantec.com/docs/TECH104299

Matthew Anthony's picture

I pulled the Device ID for the drive I am trying to exclude from Blocking from the DevViewer application. Like I've stated, the blocking part works fine, I need it to exclude a particular device based on it's Device ID, but that's the part that isn't happening.

Chetan Savade's picture

Hi,

How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection

http://www.symantec.com/business/support/index?page=content&id=TECH106304&locale=en_US

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Mithun Sanghavi's picture

Hello,

Check this Article:

How to Block or Allow Devices in Symantec Endpoint Protection

http://www.symantec.com/docs/TECH175220

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Matthew Anthony's picture

Thank you to everyone that responded, I appreciate all you've done to try and help, but I think I've been communicating what my problem is incorrectly. I have it semi-resolved, but I'll explain again to try and clear things up.

 

My organization would like to block all USB thumb drives except for a specific type. I began this process by creating a test group and a new policy. The policy blocked all Device ID "USBSTOR&DISK*" type devices. This worked fine, as none of the USB drives I inserted into the computer in the test group would enable.

 

Next I went back into the policy to allow the specific type of drive, in this case an encrypted USB drive. I put the exception into the policy as "USBSTOR&DISK&VEN_SDG&PROD_005M&REV_1.00&12345678900000001890&0". I did not initially realize that the last part (12345678900000001890&0) was in fact a serial number. Even though I specifically told the system to allow that single USB drive to work, I could not get it to enable in the systems in the test group.

 

I then went back and altered what I was excluding from the block down to "USBSTOR&DISK&VEN_SDG&PROD_005M&REV_1.00*" hoping that would allow the thumb drives from Vendor SDG with a product ID of 005M and Revision 1.00 to be excluded from the block policy. It did not work. All the drives of that type were still blocked.

 

Lastly I took the exclude drive all the way down to "USBSTOR&DISK&VEN_SDG*" and that has allowed the drives to show up. My concern now is that any drive from the Vendor SDG will work in these systems, and not just the specific Product 005M.

 

Has anyone else run in to a similar issue where the exclude list will not work until you drop the excluded from policy item all the way down to the manufacturer?

SOLUTION