Hi,
Problem is that how to be sure that USBSTOR is enough to block all devices with data write possibility ?
--> It works when you choose this option. Have you ever seen that even after using this option USB is accessible or making data read/write?
It is recommended to use Device IDs over Class IDs in most cases.
have you checked this?
Here are examples of using wildcards:
Any USB Storage device
USBSTOR*
Any USB Disk
USBSTOR\DISK*
Any USB SanDisk drive
USBSTOR\DISK&VEN_SANDISK*
Any USB SanDisk Micro Cruzer drive
USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO*
A specific SanDisk device
USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0
How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.
http://www.symantec.com/docs/TECH106304