Endpoint Protection

 View Only

  • 1.  Device control:Can I use wildcard?

    Posted Mar 25, 2009 05:19 AM
        I'm now set up device control to only allow some authenticated USB device connect our computer. But when I use DevViewer.exe to get device ID, I found that the Device ID of some DCs will change:

    eg: I have a DC , it's Device ID is: USB\VID_132B&PID_0013\5&7C41E62&0&1 , when i connect it to anothercomputer , 5&*********&0&1 will chage.

    if wildcard is supported, I can use the DC on every computer, otherwise, i need to add a lot of Device ID for ONE DC.....


  • 2.  RE: Device control:Can I use wildcard?

    Posted Mar 25, 2009 05:45 AM
    The device ID is unique, and when you add exclusions to device control, if im not mistaken is Class ID.

    I think what you can do is create a separate group allowed users (e.x. VIP)for their device control policy, to allow their usb device access.


  • 3.  RE: Device control:Can I use wildcard?
    Best Answer

    Posted Mar 25, 2009 05:48 AM
    Yes you can.

    For Device ID we also we support the use of wildcards "*" and "?":
    • Asterisk (*) means zero or more of any character
    • Question mark (?) means a single character of any value
    Examples:
    • Any USB storage device: USBSTOR*
    • Any USB disk: USBSTOR\DISK*
    • Any USB SanDisk drive: USBSTOR\DISK&VEN_SANDISK*
    • Specific SanDisk device:
    USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0
    • Specific Kingston device: USBSTOR\DISK&VEN_KINGSTON&PROD_DTSECURE_PRIVACY*

    Excerpt from:
    Symantec Endpoint Protection 11.0 - Application and Device Control Rev 1


  • 4.  RE: Device control:Can I use wildcard?

    Posted Mar 25, 2009 08:36 PM
     It worked , I remember I trust "*" as a wildcards before, but it does not work. Maybe I made some mistakes .

    THANKS!