Hey Everyone,
Need a bit of help.
We are having a strange issue were I am setting up device control for removable devices.
I have setup the policy and applied it to my laptop and it works perfectly blocking removabe devices.
When I apply the policy to HP Workstations the machines HDD gets blocked and the PC BSOD. After that I need to go to Safe mode and re apply the old policy.
I used the devtool on CD 2 to look for the device ID and add it into Symantec. The only problem is every PC has a different device ID and we have different models of the HP mainly the xw4400.
I don't really want to exlude the device ID of every hdd in our office.
I have one policy that blocks a few applications and also blocks devices.
Disk Drives
Floppy
I have also enabled the rule to only filter removable drives.
Below is an example of the OS HDD EndPoint is blocking:
[class name]: <Unknown>
[guid]: {4d36e967-e325-11ce-bfc1-08002be10318}
[device id]: IDE\DISKST380815AS______________________________3.CHF___\52393758584A574D202020202020202020202020
[MFG string]: (標準ディスク ドライブ)
[provider]: Microsoft
[driver data]: 2001/07/01
[driver version]: 5.1.2535.0
[hidden device]: false
[Disabled]: false
[PNP device]: true
[can be disabled]: true
[device node]: 0xf8c
Also if I exclude based on Class ID it will allow all hard drives and even my thumb drive has the same class ID e.g.
{4d36e967-e325-11ce-bfc1-08002be10318}
I need to allow the hard drives on the HP workstations but block USB thumb drives...
I can't block USB either as I need to be able to use bar code readers, and windows mobiles phone with active sync.
I think the main problem might be is with the HP Workstation there hard drives come up with
[can be disabled]: true
When I use dev view and look at the hard drive on my laptop that the policy works on I get this:
[class name]: <Unknown>
[guid]: {4d36e967-e325-11ce-bfc1-08002be10318}
[device id]: IDE\DISKTOSHIBA_MK6025GAS_______________________KA200A__\5&2288DCF3&0&0.0.0
[MFG string]: (Standard disk drives)
[provider]: Microsoft
[driver data]: 7/1/2001
[driver version]: 5.1.2535.0
[hidden device]: false
[Disabled]: false
[PNP device]: true
[can be disabled]: false
[device node]: 0xfcc
Why would a hard drive hosting a operating system come up with that? If you could provide any help it would be greatly appreciated.
Thanks!