I am require to change in device policy to add the access on user attach device?

I have some idea for access but i am little bit nervous and confuse because it is a risky in change of the policy

Please guide?

here is some articles

How to Block or Allow Devices in Symantec Endpoint Protection

How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.

I am suggesting you if you are not be sure then try it in test enviornment.

If you are not have a test enviornment then create a new group and apply the same policy here.

Add the device id of that device in the exclude column.

Follow the below Symantec article to make it easy for the access.

DevViewer - a tool for finding hardware device ID for Device Blocking in Symantec Endpoint Protection

DevViewer --Tool helpful for Application and Device control to find Hardware Device ID and GUID

https://www-secure.symantec.com/connect/downloads/devviewer-tool-helpful-application-and-device-control-find-hardware-device-id-and-guid 

Check the aticle

You can use the devviewer tool

How to Block or Allow Devices in Symantec Endpoint Protection

Guidance

http://www.symantec.com/avcenter/security/ADC/Configuring_Application_Control_1.1.pdf

https://www-secure.symantec.com/connect/articles/how-block-or-allow-devices-symantec-endpoint-protection

create a test group and test the policy before applying to all the groups.

Thanks all for your active participant.