Video Screencast Help

datacard policy

Created: 24 Sep 2011 • Updated: 05 Oct 2011 | 25 comments
This issue has been solved. See solution.

Anyone have idea to create the policy of usb data card. There 5 type of data card acess in our network and i want to create the policy to access them. Other usb can be restrict in that policy.

Comments 25 CommentsJump to latest comment

mssym's picture

Can you provide some more details?

How do you block/allow your USB device now? I do not have a USB data card, if the device is defined as a regular USB storage, you can block USBSTOR device, data card will be blocked. If you need to block some USB storage device, still requiret to allow certain devices of those type, I am afraid you might need to look into block each device ID, which will be a lot of time involved.

Can you create multiple groups to manage the devices? this way you can manage machines/users device control more granular.

Vikram Kumar-SAV to SEP's picture

Put USBSTOR/DISKDRIVE&* in Block then it will block all USB disk with data card and all types of USB Disk drives.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Sumit G's picture

Hi msym, i have 5 type of data card. I have created the new group for datacard user to provide the access of data card only, all other usb want to block. Data card is of vodafone, tata, reliance, docomo, vf-3g.

Regards

Sumit G.

Sumit G's picture

hi 22 aug, thxs for share. I will read and reply.
Hi vikram, i want exclude the datacard. Block other usb

Regards

Sumit G.

Sumit G's picture

hi 22 aug, thxs for share. I will read and reply.
Hi vikram, i want exclude the datacard. Block other usb

Regards

Sumit G.

Vikram Kumar-SAV to SEP's picture

The one I mentioned will block the all the USB disk drives it will not block the data card however it will block the USB disk that coms with data card.

However if you want to allow even the USB Disk with data card then.

Use th above policy to block

then allow

USBSTOR/DISKDRIVE&\Vendor_Name (for all 5types of data card)

Vendor_Name you can get using devviewer for the application.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Sumit G's picture

K. Thxs i will try the same at tomorow.

Regards

Sumit G.

Sumit G's picture

Hi Vikram,

I have tried as per your mention  but in this policy all the USB include Pend drive(Storage Device) are working

Regards

Sumit G.

Vikram Kumar-SAV to SEP's picture

Just to make sure you are applying the policies correctly :

Block :USBSTOR/DISKDRIVE&*

Allow :USBSTOR/DISKDRIVE&\Vendor_Name (for all 5types of data card)

Vendor_Name

 

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Sumit G's picture

Hi Vikram,

    I have update the USBSTOR/DISKDRIVE&* in the Block option and also update the 2 Data Card Device ID in the allow option for testing purpose...

But block option not working. All of the USB/Storage Device are working in this policy...

 

So if any change require then pls share..

can I try "USBSTOR/DISKDRIVE*" this one..

Regards

Sumit G.

Vikram Kumar-SAV to SEP's picture

Ooops Sorry my Bad..

Its USBSTOR/DISK&* for block

to allow

USBSTOR\DISK&VEN_NAME*

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Sumit G's picture

Still not getting success. same issue..

Regards

Sumit G.

Vikram Kumar-SAV to SEP's picture

Can you export and attach your policy

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Sumit G's picture

Hi,

   Pls find the attached zip

AttachmentSize
control policy.zip 11.59 KB

Regards

Sumit G.

mssym's picture

You need to run devviewer and post the device information so that we will not talk about different type of devices.

Sumit G's picture

I know that one and I have applied the same but I want to block other USB.

Regards

Sumit G.

22Aug's picture

Hi,

Ok, after applying the policy the system needs to be restarted once. Ensure the client have received the policy from SEPM and the policy number matches.

Sumit G's picture

I have not restarted any system while applying any policy. All other policies are working fine

Regards

Sumit G.

Vikram Kumar-SAV to SEP's picture

I got the problem again my mistake...., you are putting the wrong \

Put this 

USBSTOR\DISK*

 

========================

 

■ Any USB storage device:
USBSTOR*
■ Any USB disk:
USBSTOR\DISK*
■ Any USB SanDisk drive:
USBSTOR\DISK&VEN_SANDISK*
=========================

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

SOLUTION
Sumit G's picture

K i will try this one and confirm you

Regards

Sumit G.

Sumit G's picture

I have tested this policy usb has been blocked but I don't try datacard till...

Regards

Sumit G.

Vikram Kumar-SAV to SEP's picture

For datacard use the Device ID with Vendor name and device type.

eg: USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO*

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Sumit G's picture

Thanks a lot for your help.. It's done..

Regards

Sumit G.