How to make USB drives read-only with Symantec Endpoint Protection using Application and Device Control

http://www.symantec.com/business/support/index?page=content&id=TECH95813

Check this thread Also

https://www-secure.symantec.com/connect/forums/usb-device-read-only

https://www-secure.symantec.com/connect/forums/how-prevent-reading-files-sepm-121

Hi,

Go through the following article

How to make USB drives read-only with Symantec Endpoint Protection using Application and Device Control 

http://www.symantec.com/docs/TECH95813

Hello,

Check out this article, this should help - 

How to make USB drives read-only with Symantec Endpoint Protection using Application and Device Control

http://www.symantec.com/business/support/index?page=content&id=TECH95813

After setting up an Application and Device Control policy to block CD writing, CD writing is not blocked as expected, and write attempt is not logged

set here as read only ( as mentioned in article)

http://www.symantec.com/business/support/index?page=content&id=TECH104800

You can make CD/DVD read only by editing the USB read only policy (Application Control default policy) and then edit the * in the policy and select CD/DVD.

You need to be aware that CD/DVD ready only is only partially applied using Application Device Control.

Only when CD/DVD writing is done using Windows Writer using EXPLORER.exe then only application control will block it.

If you do it using Nero or any other program SEP will not block it. You will have to block such programs using Application Control.

Check this Thread:

https://www-secure.symantec.com/connect/forums/regarding-policy

Hope that helps!!

1. Log into the Symantec Endpoint Protection Manager (SEPM).
2. Click on the Policies.
3. Select edit the Application and Device control policy.
4. Click on Application Control in left hand pane. In the right hand pane, right click and select ADD.
5. Type in a context relevant name for the new rule in the Rule set name field.
6. Click on the ADD button at the bottom and select ADD Rule.
7. Right click newly created rule and choose Add Condition > files and folders Attempts.
8. Click on the ADD button for Apply to following files and folders
9. Use the Asterik Sign(*).
10. Selec the Removable Drive(Floppy drive, USB Drive) option and Aplly.

11. Than Ok.

12. Go to the action Tab in "files and folders Attempts".

13. Select the Read attemps with Allow Access and Create/Delete/Write Attempt with Block Access.

14. Then Ok.

Hi- If your issue is resolve then mark the valid comment as a solution

Hi,

This is not possible.

If you want not copy any data you can full block USB drive.

DLP agent might help to some extent.

Hi,

I am not sure you can try .

http://www.symantec.com/business/support/index?page=content&id=HOWTO11091

https://www-secure.symantec.com/connect/articles/sep-and-snac-unbeatable-combination

Hi All,

We have raised the same case in Symantec and they told us this is not possible only through ADC policy.

I have gone through the entire article which you guys given me above but nothing works.

 Is anyone having more idea about it?

HI,

We have already told your requirement not possible in SEP ADC policy.

Create a new ADC policy -->add file and folder rule --->add-->put * for files and folder-->and select removable drive and cd/DVD drive against only match file and folder-->ok-->go to action tab-->select continue processing for read attempt -->and block for write attempt.

did you try DLP agent, does that help?