Endpoint Protection

 View Only
  • 1.  Device Whitlelisting for Vendors

    Posted Jul 16, 2016 09:28 AM
    Hi guys, I know how we can block a specific USB via its device ID. But I need to know how can allow all USBs from a one particular vendor I.e Kingston or HP. Appreciate if anyone can share the procedure for allowing or blocking from a particular vendor. Thanks


  • 2.  RE: Device Whitlelisting for Vendors

    Posted Jul 16, 2016 09:33 AM

    Each vendor has a different ID. Use devviewer to find it and allow it that way.

    How Symantec Endpoint Protection Device Control processes Windows device GUIDs and device IDs.

     


    Device ID

    A Device ID (also known as a Device Instance ID in Windows) is a specific ID that is given to each device.  A Device ID can be more effective for blocking or allowing devices because it is made by concatenating a list of data about the particular device.  Device IDs are generally in a more readable format.

    Here are two common formats for Device IDs:

    <class>\<type>&<vendor>&<model>&<revision>\<serial number>

    <class>\<type><vendor><model><revision>\<serial number>


    Here are examples of Device IDs:

    • SanDisk Micro Cruzer - USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0
    • Apple iPod - USBSTOR\DiskApple___iPod____________1.62\4&3656B0&0
    • Hitachi IDE Hard Drive - IDE\DISKHTS541060G9SA00_________________________MB3IC60H\4&14AA9DA8&0&0.0.0


    For Device IDs wildcards are supported: * and ?.

    • Asterisk [*] - means zero or more of any character
    • Question mark [?] - means a single character of any value


    Here are examples of using wildcards:

    Any USB Storage device

    • USBSTOR*

    Any USB Disk

    • USBSTOR\DISK*

    Any USB SanDisk drive

    • USBSTOR\DISK&VEN_SANDISK*

    Any USB SanDisk Micro Cruzer drive

    • USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO*

    A specific SanDisk device

    • USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0

     It is recommended to use Device IDs over Class IDs in most cases.

     



  • 3.  RE: Device Whitlelisting for Vendors

    Posted Jul 16, 2016 11:00 AM

    Follow this document

    Block or allow devices in Endpoint Protection

    https://support.symantec.com/en_US/article.TECH175220.html



  • 4.  RE: Device Whitlelisting for Vendors

    Posted Jul 19, 2016 09:53 AM

    Hi,

    After reading the tech bulletin above I was wondering if it was possible to use device and/or application control to disable only the WRITE function of an internal recordable DVD drive (from any & all applications)? The drives in question would all be the same manufacturer and model.

    Thanks!

    (reposted 7/19 in it's own thread)



  • 5.  RE: Device Whitlelisting for Vendors

    Posted Jul 19, 2016 09:55 AM