Video Screencast Help

How to input device ID into Device Selection on Application and Device Control Policies

Created: 07 Mar 2013 • Updated: 08 Mar 2013 | 4 comments
Barkah MLPT's picture
This issue has been solved. See solution.


I'm using SEPM 11, and I want to set the policy to block a new hardware device on the SEP client machine. Suppose in this case i want to block the usb modem device, and i have to get the device ID by using DevViewer tool. Then, how i can input the device ID into Device Selection list on Application and Device Control Policies?

Thanks & Regards,

Operating Systems:

Comments 4 CommentsJump to latest comment

ᗺrian's picture

Gather the Device ID of device(s) using the DevViewer tool:

1. Find the DevViewer.exe tool on the SEP 11.0.X CD2 in the CD2\Tools\NoSupport\DevViewer folder.

2. Plug in the device you want to gather the GUID from.

3. Run the DevViewer.exe tool and browse to find the device. (Example, for a thumb drive, look under Disk drives)

4. Select the device, and on the right you will see information about the device.

5. Right click the [GUID] and select Copy GUID.

6. Exit the DevViewer Tool.

Add the Hardware Device into Symantec Endpoint Protection Manager policy:

1. In the SEPM, select the Policies view.

2. In the upper left corner of the console, under the View Policies section, click on Policy Components to expand the sub-list.

3. Under Policy Components, select Hardware Devices.

4. Under Tasks, select Add a Hardware Device

5. Type in the Name you wish to call your device (example: Administrator's Thumbdrive).

6. Select the class ID option, click in the text box and use CTRL-V to paste the Device ID you copied from the DevViewer tool.

7. Click OK.

Add Hardware Device to Blocking list:

1. In the SEPM, Under View Policies, select Application and Device Control

2. Right click your Application and Device Control Policy and select Edit.

3. Select the Device Control view.

4. Under the Blocked Devices section, click Add, select the device you added in the previous section and click OK and click OK


Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Shailendra Pal's picture


1) first you go to policy tab in SEPM console

2) click on policy components and choose Hardware device

3) here you can add your device id which you want to block and allow as per your requirement,

4) you can found the device id in system device manager and choose your device  go to property / details here you can found GUID and Device ID,

5) once you add the device id in policy, then you go application control policy and add the device id in block or allow group.