Endpoint Protection

 View Only
  • 1.  HOW TO BLOCK PEN/THUMBDRIVE only

    Posted Oct 14, 2009 02:44 AM
    BY THE APPLICATION AND DEVICE CONTROL. I BLOCK THE USB DRIVE BUT IT BLOCKS BY THE IDENTIFICATION IT BLOCKS PEN DRIVE AND ALSO MOUSE AND KEYBOARD BUT I WANT TO BLOCK ONLY PEN/THUMB DRIVE.BUT IT BLOCKS ALL USB EG. MOUSE AND KEYBOARD AND ALSO PEN DRIVE BUT I WANT TO BLOCK ONLY PEN DRIVE.HOW CAN I PROGRESS?

    Soumya Ghosh



  • 2.  RE: HOW TO BLOCK PEN/THUMBDRIVE only

    Posted Oct 14, 2009 02:52 AM
    Hi,

            To block USB Drives (ThumbDrives, Hard Drives) while not blocking a specific USB drive in the Device Control policy, you must gather the Device ID for the specific device, add that device into the Hardware Devices list in the SEPM, then block Disk Drives and exclude the devices you want to still use in the Application and Device Control policy.

    Gather the Device ID of device(s) to exclude using the DevViewer tool:
    1. Find the DevViewer.exe tool on the SEP 11.0.X CD2 in the CD2\Tools\NoSupport\DevViewer folder.
    2. Plug in the device you want to gather the Device ID from.
    3. Run the DevViewer.exe tool and browse to find the device. (Example, for a thumb drive, look under Disk drives)
    4. Select the device, and on the right you will see information about the device.
    5. Right click the [device id] and select Copy Device ID.
    6. Exit the DevViewer Tool.

    Add the Hardware Device into SEPM policy:
    1. In the SEPM, select the Policies view.
    2. In the upper left corner of the console, under the View Policies section, click on Policy Components to expand the sub-list.
    3. Under Policy Components, select Hardware Devices.
    4. Under Tasks, select Add a Hardware Device
    5. Type in the Name you wish to call your device (example: Administrator's Thumbdrive).
    6. Select the Device ID option, click in the text box and use CTRL-V to paste the Device ID you copied from the DevViewer tool.
    7. Click OK.

    Add Disk Drives and the Hardware Device to allow to the Devices Excluded From Blocking list:
    1. In the SEPM, Under View Policies, select Application and Device Control
    2. Right click your Application and Device Control Policy and select Edit.
    3. Select the Device Control view.
    4. Under the Blocked Devices section, click Add, select Disk Drives and click OK. (If Disk Drives isn't listed, it is already added as a Blocked Device).
    5. Under Devices Excluded From Blocking, click Add.
    6. Select the device you added in the previous section and click OK.
    7. Click OK to the Application and Device Control policy window. SEP clients in Client Groups that currently have this policy assigned will get the changed policy from the SEPM.

    When the clients get the new policy, they may need to be rebooted for the policy to work correctly.  If so, there will be a notification message on the client that a reboot is necessary for the new policy change, and the client will be listed in the Reboot Required logs in the SEPM.

    Adding a device id.JPG


    You can also exclude the HID USB devices such as Keyboard, Mouse




  • 3.  RE: HOW TO BLOCK PEN/THUMBDRIVE only

    Posted Oct 14, 2009 03:06 AM
    1. Open 'Application and device control' policy in Symantec Endpoint Protection Manager.
    2. Click on the device control tab.
    3. Under the 'blocked devices' section click the ADD button and select the USB option.
    4. Click the ADD button under "Excluded from Blocking" and select, one by one, all of the other devices that use USB that should not be blocked (eg: pointing devices, keyboard, cameras, joysticks, HDD, etc. )
    5. Click Ok to save the changes and assign policy.
     


  • 4.  RE: HOW TO BLOCK PEN/THUMBDRIVE only

    Posted Oct 14, 2009 04:37 AM
    In blocked devices Select USb drives
    in excluded devices select Human Interface devices. 


  • 5.  RE: HOW TO BLOCK PEN/THUMBDRIVE only

    Posted Oct 22, 2009 06:44 AM

    Whether your problem got solved or it is still present?

     


  • 6.  RE: HOW TO BLOCK PEN/THUMBDRIVE only

    Posted Oct 22, 2009 10:46 AM
    This document should help you out

    How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008102008020548

    In device control policy you have 2 parts
    whatever you place on top will be blocked.
    whatever excluded will be at the bottom will be ignored
    so block all usb but allow once which are at the bottom.