Endpoint Protection

 View Only

  • 1.  disable USB writting on SEP12 Manager

    Posted Aug 01, 2013 09:55 AM

    Hi all,

     

    Does anybody know how to disable the USB writing on SEP12 Manager console and build a  specialized group, throw computers into the group?



  • 2.  RE: disable USB writting on SEP12 Manager

    Posted Aug 01, 2013 10:00 AM

    You can create a separate group and move the test PCs in to it. Than apply a device policy

    http://www.symantec.com/docs/TECH95813



  • 3.  RE: disable USB writting on SEP12 Manager

    Posted Aug 01, 2013 10:11 AM

    check this

    How to block USB hard drives in SEP, but allow reading specific USB drives in the SEPM Application and Device Control Policy

     

    http://www.symantec.com/business/support/index?page=content&id=TECH173724

    How to make USB drives read-only with Symantec Endpoint Protection using Application and Device Control

    http://www.symantec.com/business/support/index?page=content&id=TECH95813&actp=search&viewlocale=en_US&searchid=1299258802261

     

    https://www-secure.symantec.com/connect/forums/usb-device-read-only



  • 4.  RE: disable USB writting on SEP12 Manager

    Broadcom Employee
    Posted Aug 01, 2013 02:18 PM

    Hi,

    Thank you for posting in Symantec community.

    I would be glad to answer your query.

    In the Symantec Endpoint Protection Manager, open Policies, then click Application and Device Control.

    •     In the right pane do a right click & Add an Application and Device Control Policy.
    •     Click on the Device Control tab.
    •     Under the Blocked Devices section click the ADD button and select the USB option.

    This process will block all the USB devices including Keyborad and Mouse.

    Refer the following articles:

    How to block USB flash drives while allowing other USB devices.

    http://www.symantec.com/business/support/index?page=content&id=TECH104299&locale=en_US How to block USB devices while excluding mouse and keyboard? http://www.symantec.com/business/support/index?page=content&id=TECH104299&locale=en_US">http://www.symantec.com/docs/TECH161779">http://www.symantec.com/business/support/index?page=content&id=TECH104299&locale=en_US

    How to block USB devices while excluding mouse and keyboard?

    http://www.symantec.com/docs/TECH161779

    You can create a test group and move test PC's into it.



  • 5.  RE: disable USB writting on SEP12 Manager

    Posted Aug 02, 2013 05:23 AM
      |   view attached

    There are two rules created by default in SEP12.1 for the purposes of blocking write attempts to USB storage (see attached screenshot).

    All you have to do is:

    1. Create a test group
    2. Create an Application and Device Control policy with the screenshotted rules ticked
    3. Assign this policy to the test group
    4. Move test clients into the test group

    Thats pretty much it.  Just make sure your test clients have the Application and Device Control component installed and you're set for testing.

    Just in case your test clients don't currently have the A&DC component installed, here's an article on how to change the feature sets of clients from the SEPM:
    http://www.symantec.com/docs/TECH203923



  • 6.  RE: disable USB writting on SEP12 Manager

    Posted Aug 02, 2013 05:51 AM

    Agree with above.

    Create a different group if policy need to apply on limited computer. Move that client systems on that group.

    Apply the below attach policy

    How to make USB drives read-only with Symantec Endpoint Protection using Application and Device Control

    http://www.symantec.com/business/support/index?page=content&id=TECH95813

    See the link

    https://www-secure.symantec.com/connect/forums/need-usb-read-only-access-only-adc-0



  • 7.  RE: disable USB writting on SEP12 Manager

    Posted Aug 02, 2013 07:22 AM

    Hi,

    You have to create separate containers for these requirements and move the SEPM to this group and apply the policy to block USB.

    Regards

    Ajin