We will deploy SEP on Windows 7 machines and want to use SEP to block all USB storages. How can i achieve such goal?
check these links
How to block or allow device's in Symantec Endpoint Protection
How to block USB flash drives while allowing other USB devices.
How to block USB devices while excluding mouse and keyboard?
How to block USB hard drives, but allow reading specific USB drives in the Application and Device Control Policy?
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Use the below link to disable USB
alot of ADC review link attach in below link
Here are the Steps to block the USB Drives -
1. First you have start and logon to “Symantec Endpoint Protection Manager”
2. In the main windows | tool bar select: “Policies” | Hardware Devices | right click and ADD
3. In Device Name write “USB Storage” and Device ID “USBSTOR*.*” | OK
4. Then click inside “Application and Device Control” in the main menu and then right click inside “Application and Device Control” and Edit.
5. Device Control | Blocked Devices and click Add
6. Select “USB Storage” and click OK
7. Active Notification: Mark: “Notify users when deviced is blocked”, click “Specify Message Text” ) | add messange | OK (c) and click OK.
8. To assign to the policy just click in “ASSIGN”
9. Select the group to be applied and click “Assign”
10. Done the policy will updated to all workstation member of this group.
Check these Articles:
How to Block or Allow Devices in Symantec Endpoint Protection
How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.
How to block USB Keys with SEP
Hope that helps!!
Associate Security Architect
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3
Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
As I suspect you may have Windows 7 x64 machines, keep in mind Application and Device Control module is not compatible with 64bit environement if you are using SEP 11.0.
SEP 12.1 Application and Device Control module is however compatible with 64bit systems.
Please remember to mark the proper comment as SOLUTION:
- to identify threads that do not require further assistance
- to let other visitors know how to fix such issue
Thanks all for your advise.
I am now using x64 Windows 7 with SEP 11.0.7. Is it the compatibility problem which John stated above?
Yes, if you have 64bit systems, you need to install SEP 12.1 if you want to be able to use Application and Device Control module. Please refer to the article below:
Thumbs up to John!
SEP 11 Ru 7 the version you using is not compatible for ADC policy to run on 64 bit machine.
You need to have SEP 12.1 client to ADC to work.
Agree with John & Pete. You need to upgrade the version of SEPM with 12.1 for 64 bit clients systems