Hello,

We have created new group for device exception.

All the systems in this group taken the policy and working as per the request but one or two system (even though taken the policy)still usb is not working.

Checked the policy and log in the sepm console for those system which are having usb access issue.in the description log it showing as "Device Manager Message The device was allowed successfully. [name]:Generic volume [class]:Storage volumes"--(as per my knowledge as this log shows device is allowd for the user to use,is it correct?)how to rectify the issue,which one is blocking the usb?

Does the device manager show the USB as enabled or disabled?

Is the Device ID different on those two machines compared to the others? Did you add the device ID for those two to the exception list?

Symantec Endpoint Protection Device Control: excluding devices from blocking show inconsistent results

What is the OS install on that client?

If your Operating System is 64 bit with 11.x SEP then ADC policy will not be applicable

Application and Device Control policies in Symantec Endpoint Protection 11.0 are not applied to 64 bit clients

If 32 bit OS is install then match the policy serail number of the client or that group

Understanding the Policy Serial Number of the Symantec Endpoint Protection Manager

Yes, as per your logs you have the access of device.

For verify it stop the smc service of client with (smc -stop) and plugin the device to check wheter it detect.

After detection it start the smc service(smc -start) again and check the device is disable.

Troubleshoot

Verify the policy of client and manager is same.

https://www-secure.symantec.com/connect/forums/trying-understand-policy-serial-number

Policy match but not work then reinstall the client.

Could you please update the thread for further assistance?