Endpoint Protection

We will deploy SEP on Windows 7 machines and want to use SEP to block all USB storages.  How can i achieve such goal?

check these links

How to block or allow device's in Symantec Endpoint Protection
https://www-secure.symantec.com/connect/articles/how-block-or-allow-devices-symantec-endpoint-protection

How to block or allow device's in Symantec Endpoint Protection
https://www-secure.symantec.com/connect/articles/how-block-or-allow-devices-symantec-endpoint-protection

How to block USB flash drives while allowing other USB devices.
http://www.symantec.com/docs/TECH104299

How to block USB devices while excluding mouse and keyboard?
http://www.symantec.com/docs/TECH161779

How to block USB hard drives, but allow reading specific USB drives in the Application and Device Control Policy?
http://www.symantec.com/docs/TECH173724

Hello,

Here are the Steps to block the USB Drives -

1. First you have start and logon to “Symantec Endpoint Protection Manager”

2. In the main windows | tool bar select: “Policies” | Hardware Devices | right click and ADD

3. In Device Name write “USB Storage” and Device ID “USBSTOR*.*” | OK 

4. Then click inside “Application and Device Control” in the main menu and then right click inside “Application and Device Control” and Edit. 

5. Device Control | Blocked Devices and click Add

6. Select “USB Storage” and click OK

7. Active Notification: Mark: “Notify users when deviced is blocked”, click “Specify Message Text” ) | add messange | OK (c) and click OK.

8. To assign to the policy just click in “ASSIGN”

9. Select the group to be applied and click “Assign”

10. Done the policy will updated to all workstation member of this group.

Check these Articles:

How to Block or Allow Devices in Symantec Endpoint Protection

http://www.symantec.com/docs/TECH175220

How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.

http://www.symantec.com/docs/TECH106304

How to block USB Keys with SEP

http://www.symantec.com/docs/TECH106361

Hope that helps!!

As I suspect you may have Windows 7 x64 machines, keep in mind Application and Device Control module is not compatible with 64bit environement if you are using SEP 11.0.

SEP 12.1 Application and Device Control module is however compatible with 64bit systems.

Thanks all for your advise.

I am now using x64 Windows 7 with SEP 11.0.7.  Is it the compatibility problem which John stated above?

Thumbs up to John!

SEP 11 Ru 7 the version you using is not compatible for ADC policy to run on 64 bit machine.

You need to have SEP 12.1 client to ADC to work.

Yes, if you have 64bit systems, you need to install SEP 12.1 if you want to be able to use Application and Device Control module. Please refer to the article below:

http://www.symantec.com/docs/TECH102267

Use the below link to disable USB

https://www-secure.symantec.com/connect/downloads/sep-policy-block-usb-and-exclude-keyboard-and-mouse

alot of ADC review link attach in below link

https://www-secure.symantec.com/connect/forums/adc-policy#comment-7085811

https://www-secure.symantec.com/connect/forums/usb-device-access

https://www-secure.symantec.com/connect/forums/sep11-application-device-control-sd-card-storage

Agree with John & Pete. You need to upgrade the version of SEPM with 12.1 for 64 bit clients systems

https://www-secure.symantec.com/connect/forums/sep-64bit-os-supported

https://www-secure.symantec.com/connect/forums/64-bit-systems-usb-block