Endpoint Protection

  • 1.  Device Control - Device ID Wildcard not working?

    Posted Oct 22, 2012 02:05 PM

    Hi all,

    I have device control policies running and it's working fine.
    I blocked USB to block thumbdrives and created exceptions for USB printers, Keyboard etc.

    I created my own exception to allow Apple devices but it doesn't seem to work using wildcards. It does work when I use the full Device ID.

    This is the device ID of an iPhone 4S: USB\VID_05AC&PID_12A0\A2BDCF4999324F6DA69FD82943989926FC5274EE

    When I create an exception to allow all Apple USB devices with this ID: USB\VID_05AC*  it does not apply.
    I also tried the following:

    USB\VID_05AC
    USB\VID_05AC&*
    \USB\VID_05AC
    \USB\VID_05AC*
    "\USB\VID_05AC*"

    Version is 12.1.671.4971


    Here is an example of the security logs:

    Using wildcards:
    Device Manager Message
    The device was disabled successfully.
     [name]:Apple Mobile Device USB Driver
     [class]:Universal Serial Bus controllers
     [guid]:36fc9e60-c465-11cf-8056-444553540000
     [deviceID]:USB\VID_05AC&PID_12A0\A2BDCF4999324F6DA69FD82943989926FC5274EE

    Device Manager Message
    The device was disabled successfully.
     [name]:Apple iPhone
     [class]:Portable Devices
     [guid]:eec5ad98-8080-425f-922a-dabf3de3f69a
     [deviceID]:USB\VID_05AC&PID_12A0&MI_00\0



    Using the complete Device ID:

    Device Manager Message
    The device was allowed successfully.
     [name]:Apple Mobile Device USB Driver
     [class]:Universal Serial Bus controllers
     [guid]:36fc9e60-c465-11cf-8056-444553540000
     [deviceID]:USB\VID_05AC&PID_12A0\A2BDCF4999324F6DA69FD82943989926FC5274EE

     

    Device Manager Message
    The device was allowed successfully.
     [name]:Apple iPhone
     [class]:Portable Devices
     [guid]:eec5ad98-8080-425f-922a-dabf3de3f69a
     [deviceID]:USB\VID_05AC&PID_12A0&MI_00\0



    Anyone have any ideas how to get this working?



  • 2.  RE: Device Control - Device ID Wildcard not working?

    Posted Oct 22, 2012 02:25 PM

    Have a look at this taken from admin guide:

     

    For Device ID we also support the use of wildcards "*" and "?":
    • Asterisk (*) means zero or more of any character
    • Question mark (?) means a single character of any value
    Examples:
    • Any USB storage device: USBSTOR*
    • Any USB disk: USBSTOR\DISK*
    • Any USB SanDisk drive: USBSTOR\DISK&VEN_SANDISK*
    • Specific SanDisk device: USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0
    • Specific Kingston device: USBSTOR\DISK&VEN_KINGSTON&PROD_DTSECURE_PRIVACY*
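
The wildcard rules quoted from the admin guide, applied to the device IDs and patterns posted in this thread (an added example, not part of the original posts and not Symantec's code). It implements only the documented `*` and `?` semantics with exact-case, whole-string matching, which is an assumption about how the client compares IDs; `CONSTRUCTED` is a made-up ID added to show how far a vendor-wide allow pattern reaches.

```python
import re

# Device Manager entries as posted in this thread (two nodes for one iPhone 4S).
LOG = r"""
[name]:Apple Mobile Device USB Driver
[deviceID]:USB\VID_05AC&PID_12A0\A2BDCF4999324F6DA69FD82943989926FC5274EE
[name]:Apple iPhone
[deviceID]:USB\VID_05AC&PID_12A0&MI_00\0
"""

# Constructed ID, not from the thread: same vendor ID, different product ID.
CONSTRUCTED = r"USB\VID_05AC&PID_FFFF\CONSTRUCTED0001"

def device_ids(log_text):
    """Extract the values of [deviceID]: lines from Device Manager log text."""
    return re.findall(r"^[ \t]*\[deviceID\]:(\S+)", log_text, re.MULTILINE)

def to_regex(pattern):
    """Translate a pattern where only '*' and '?' are wildcards; all else is literal."""
    parts = []
    for ch in pattern:
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(parts))

def matches(pattern, device_id):
    """True if the pattern covers the whole device ID (assumed whole-string match)."""
    return to_regex(pattern).fullmatch(device_id) is not None

def coverage(patterns, ids):
    """Map each pattern to the list of device IDs it covers."""
    return {p: [d for d in ids if matches(p, d)] for p in patterns}

if __name__ == "__main__":
    ids = device_ids(LOG) + [CONSTRUCTED]
    tried = [r"USB\VID_05AC*", r"USB\VID_05AC", r"USB\VID_05AC&*",
             r"\USB\VID_05AC*", r"USB\VID_05AC&PID_12A0*"]
    for pat, hit in coverage(tried, ids).items():
        print(f"{pat:28} covers {len(hit)}/{len(ids)}")
        for d in ids:
            print("   ", "match" if d in hit else "miss ", d)
```

Both device nodes of the phone have to be covered for the exception to take effect on the whole device, and a pattern that also covers the constructed ID is an allow rule for every product under that vendor ID.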



  • 3.  RE: Device Control - Device ID Wildcard not working?

    Posted Oct 22, 2012 02:31 PM

    Try with USB\VID_05AC&PID_12A0*



  • 4.  RE: Device Control - Device ID Wildcard not working?

    Posted Oct 22, 2012 03:04 PM

    That's where I got the * wildcard from in the first place.

    There are also several posts covering parts of this topic on v11. They all say to use USB\VID_05AC*
     



  • 5.  RE: Device Control - Device ID Wildcard not working?

    Posted Oct 22, 2012 03:22 PM

    This works perfectly, thank you.

    What is PID_12A0? An iPhone?

    Will this allow iPads and iPods?



  • 6.  RE: Device Control - Device ID Wildcard not working?

    Posted Oct 22, 2012 10:18 PM


  • 7.  RE: Device Control - Device ID Wildcard not working?

    Broadcom Employee
    Posted Oct 22, 2012 11:27 PM

    I believe you need to use the * till there is \ else it may not be considered. Can you confirm?

     



  • 8.  RE: Device Control - Device ID Wildcard not working?

    Trusted Advisor
    Posted Oct 23, 2012 09:15 AM

    Hello,

    These KBs may also be of assistance to followers of this thread.

    Smart phones and Application and Device Control in Symantec Endpoint Protection

    http://www.symantec.com/docs/TECH147791

    Symantec Endpoint Protection Device Control: excluding devices from blocking show inconsistent results

    http://www.symantec.com/docs/TECH145804

    How to obtain a device ID when creating an Application and Device Policy

    http://www.symantec.com/docs/TECH104789

    DevViewer - a tool for finding hardware device ID for Device Blocking in Symantec Endpoint Protection

    http://www.symantec.com/docs/TECH103401

    Symantec Endpoint Protection Manager - Application and Device Control (ADC) - Policies explained

    http://www.symantec.com/docs/TECH104431

     

    Hope that helps!!



  • 9.  RE: Device Control - Device ID Wildcard not working?

    Posted Oct 23, 2012 05:38 PM

    When you add the Entry in Hardware for iPhone

    Have you entered the  USB\VID_05AC* in Device Id or in Class Id?

     

    https://www-secure.symantec.com/connect/articles/how-block-or-allow-devices-symantec-endpoint-protection