Video Screencast Help

How to block USB using SEPM for Windows 7

Created: 30 May 2012 | 8 comments

We will deploy SEP on Windows 7 machines and want to use SEP to block all USB storages.  How can i achieve such goal?

Comments 8 CommentsJump to latest comment

pete_4u2002's picture

check these links

How to block or allow device's in Symantec Endpoint Protection
https://www-secure.symantec.com/connect/articles/how-block-or-allow-devices-symantec-endpoint-protection

How to block or allow device's in Symantec Endpoint Protection
https://www-secure.symantec.com/connect/articles/how-block-or-allow-devices-symantec-endpoint-protection

How to block USB flash drives while allowing other USB devices.
http://www.symantec.com/docs/TECH104299

How to block USB devices while excluding mouse and keyboard?
http://www.symantec.com/docs/TECH161779

How to block USB hard drives, but allow reading specific USB drives in the Application and Device Control Policy?
http://www.symantec.com/docs/TECH173724

 

Mithun Sanghavi's picture

Hello,

Here are the Steps to block the USB Drives -

1. First you have start and logon to “Symantec Endpoint Protection Manager”

2. In the main windows | tool bar select: “Policies” | Hardware Devices | right click and ADD

3. In Device Name write “USB Storage” and Device ID “USBSTOR*.*” | OK 

4. Then click inside “Application and Device Control” in the main menu and then right click inside “Application and Device Control” and Edit. 

5. Device Control | Blocked Devices and click Add

6. Select “USB Storage” and click OK

7. Active Notification: Mark: “Notify users when deviced is blocked”, click “Specify Message Text” ) | add messange | OK (c) and click OK.

8. To assign to the policy just click in “ASSIGN”

9. Select the group to be applied and click “Assign”

10. Done the policy will updated to all workstation member of this group.

 

Check these Articles:

How to Block or Allow Devices in Symantec Endpoint Protection

http://www.symantec.com/docs/TECH175220

How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.

http://www.symantec.com/docs/TECH106304

How to block USB Keys with SEP

http://www.symantec.com/docs/TECH106361

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

John Q.'s picture

As I suspect you may have Windows 7 x64 machines, keep in mind Application and Device Control module is not compatible with 64bit environement if you are using SEP 11.0.

SEP 12.1 Application and Device Control module is however compatible with 64bit systems.

 

Please remember to mark the proper comment as SOLUTION:
 - to identify threads that do not require further assistance
 - to let other visitors know how to fix such issue

MAC Admin's picture

Thanks all for your advise.

 

I am now using x64 Windows 7 with SEP 11.0.7.  Is it the compatibility problem which John stated above?

John Q.'s picture

Yes, if you have 64bit systems, you need to install SEP 12.1 if you want to be able to use Application and Device Control module. Please refer to the article below:

http://www.symantec.com/docs/TECH102267

 

Please remember to mark the proper comment as SOLUTION:
 - to identify threads that do not require further assistance
 - to let other visitors know how to fix such issue

pete_4u2002's picture

Thumbs up to John!

SEP 11 Ru 7 the version you using is not compatible for ADC policy to run on 64 bit machine.

You need to have SEP 12.1 client to ADC to work.