Symantec uses the Device ID and the Global ID of devices to block them. To perform device control, Symantec uses Network Threat Protection.
To find the Device ID of a device, you can use several applications, such as DEVVIEW.
Each device has an ID which indicates the class of the device. For instance, all monitors have the same Global ID and all keyboards have the same Global ID. Therefore, you can use this ID to tell Symantec to block this category of devices. However, in Endpoint Protection there is a long list of prepared categories, and you can use them instead of finding and creating them.
To block the USB ports, you can use the prepared USB port in the list of devices in Symantec. But this solution will block the USB port, and therefore all the devices connected to the USB port will be disabled. Instead, you can create a custom device, name it External USB Storage, and in the Device ID write: USBSTOR*
This will block all the devices which can contain files and are connected to the computer via a USB port, while other USB devices such as printers and mice will still be usable.
To do so, in the Symantec console from the Policy tab:
... => Policy Components [Click to Open]
... => Hardware Devices
... => Add [Right Click]
... => ... => Device Name: External USB Storages
... => ... => Device ID: USBSTOR*
Now, the answer to your question!
To ensure that all external USB storage devices are disabled, be sure that the Symantec endpoint agent is functioning correctly on that PC, because if that agent is functioning well, this means that it blocks the port.
But if you mean that you want to be sure that you receive a notification if someone has used the port, this means that you have to use another application on those systems. Therefore, if there is a probability that the Symantec client stops functioning, there will be the same probability that the third-party application stops functioning too.
However, trust Symantec Endpoint Protection; that is the best solution!
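An added example, not part of the original answer and not Symantec code: a PowerShell check an administrator can run on a client to preview which devices a Device ID of USBSTOR* would cover, and to list USB storage devices Windows has recorded on that machine. It assumes the pattern is compared against the Windows device instance ID with simple wildcard matching; the function name and the sample IDs are constructed for illustration.

```powershell
# Assumption: the Device ID pattern is matched against the Windows device
# instance ID. PowerShell's -like operator is case-insensitive.
$Pattern = 'USBSTOR*'

function Test-DeviceIdPattern {
    # Hypothetical helper: $true when the instance ID matches the pattern.
    param([string]$InstanceId, [string]$Pattern)
    return ($InstanceId -like $Pattern)
}

# Constructed sample instance IDs: a flash drive, a mouse, a printer, an HID device.
$samples = @(
    'USBSTOR\DISK&VEN_EXAMPLE&PROD_FLASH&REV_1.00\0123456789AB&0',
    'USB\VID_0000&PID_0000\5&EXAMPLE&0&1',
    'USBPRINT\EXAMPLEPRINTER\7&EXAMPLE&0&USB001',
    'HID\VID_0000&PID_0000\6&EXAMPLE&0&0000'
)
$samples | ForEach-Object {
    [pscustomobject]@{
        InstanceId = $_
        Covered    = Test-DeviceIdPattern -InstanceId $_ -Pattern $Pattern
    }
} | Format-Table -AutoSize

# Devices present right now whose instance ID matches the pattern.
# With the block in effect, none of these should be in a working (OK) state.
Get-PnpDevice -PresentOnly |
    Where-Object { Test-DeviceIdPattern -InstanceId $_.InstanceId -Pattern $Pattern } |
    Select-Object Status, Class, FriendlyName, InstanceId |
    Format-Table -AutoSize

# USB storage devices Windows has enumerated on this machine at some point.
$enumKey = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
if (Test-Path $enumKey) {
    Get-ChildItem $enumKey | ForEach-Object {
        $model = $_.PSChildName
        Get-ChildItem $_.PSPath -ErrorAction SilentlyContinue | ForEach-Object {
            $props = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Model        = $model
                Instance     = $_.PSChildName
                FriendlyName = $props.FriendlyName
            }
        }
    } | Format-Table -AutoSize
}
```

Only the first sample ID reports `Covered = True`; the mouse, printer and HID entries do not match the pattern.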