
Device Control - Device ID Wildcard not working?

Created: 22 Oct 2012 | 8 comments

Hi all,

I have device control policies running and it's working fine.
I blocked USB to block thumbdrives and created exceptions for USB printers, Keyboard etc.

I created my own exception to allow Apple devices but it doesn't seem to work using wildcards. It does work when I use the full Device ID.

This is the device ID of an iPhone 4S: USB\VID_05AC&PID_12A0\A2BDCF4999324F6DA69FD82943989926FC5274EE

When I create an exception to allow all Apple USB devices with this ID: USB\VID_05AC*  it does not apply.
I also tried the following:

USB\VID_05AC
USB\VID_05AC&*
\USB\VID_05AC
\USB\VID_05AC*
"\USB\VID_05AC*"

Version is 12.1.671.4971

Here is an example of the security logs:

Using wildcards:
Device Manager Message
The device was disabled successfully.
 [name]:Apple Mobile Device USB Driver
 [class]:Universal Serial Bus controllers
 [guid]:36fc9e60-c465-11cf-8056-444553540000
 [deviceID]:USB\VID_05AC&PID_12A0\A2BDCF4999324F6DA69FD82943989926FC5274EE

Device Manager Message
The device was disabled successfully.
 [name]:Apple iPhone
 [class]:Portable Devices
 [guid]:eec5ad98-8080-425f-922a-dabf3de3f69a
 [deviceID]:USB\VID_05AC&PID_12A0&MI_00\0

Using the complete Device ID:

Device Manager Message
The device was allowed successfully.
 [name]:Apple Mobile Device USB Driver
 [class]:Universal Serial Bus controllers
 [guid]:36fc9e60-c465-11cf-8056-444553540000
 [deviceID]:USB\VID_05AC&PID_12A0\A2BDCF4999324F6DA69FD82943989926FC5274EE

 

Device Manager Message
The device was allowed successfully.
 [name]:Apple iPhone
 [class]:Portable Devices
 [guid]:eec5ad98-8080-425f-922a-dabf3de3f69a
 [deviceID]:USB\VID_05AC&PID_12A0&MI_00\0

Anyone have any ideas how to get this working?


.Brian's picture

Have a look at this taken from admin guide:

 

For Device ID we also support the use of wildcards "*" and "?":
• Asterisk (*) means zero or more of any character
• Question mark (?) means a single character of any value
Examples:
• Any USB storage device: USBSTOR*
• Any USB disk: USBSTOR\DISK*
• Any USB SanDisk drive: USBSTOR\DISK&VEN_SANDISK*
• Specific SanDisk device: USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0
• Specific Kingston device: USBSTOR\DISK&VEN_KINGSTON&PROD_DTSECURE_PRIVACY*

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

huntmknox's picture

That's where I got the * wildcard from in the first place.

There are also several posts covering parts of this topic on v11. They all say to use USB\VID_05AC*
 

huntmknox's picture

This works perfectly thank you.

What is PID_12A0? An iPhone?

Will this allow iPads and iPods?

pete_4u2002's picture

I believe you need to use the * till there is a \, else it may not be considered. Can you confirm?

 

Mithun Sanghavi's picture

Hello,

These KBs may also be of assistance to followers of this thread.

Smart phones and Application and Device Control in Symantec Endpoint Protection

http://www.symantec.com/docs/TECH147791

Symantec Endpoint Protection Device Control: excluding devices from blocking show inconsistent results

http://www.symantec.com/docs/TECH145804

How to obtain a device ID when creating an Application and Device Policy

http://www.symantec.com/docs/TECH104789

DevViewer - a tool for finding hardware device ID for Device Blocking in Symantec Endpoint Protection

http://www.symantec.com/docs/TECH103401

Symantec Endpoint Protection Manager - Application and Device Control (ADC) - Policies explained

http://www.symantec.com/docs/TECH104431

 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.