I will have to change the policy of one group from usb block to RO, is it be easy to change?

In this group some of the senior team laptop and systems have been placed.

Can i recreate the policy or modify it?

You can modify the same policy in RO.

How to make USB drives read-only with Symantec Endpoint Protection using Application and Device Control

How to block USB hard drives in SEP, but allow reading specific USB drives in the SEPM Application and Device Control Policy

Similar Forum

https://www-secure.symantec.com/connect/forums/ro-access-using-adc

https://www-secure.symantec.com/connect/forums/how-prevent-reading-files-sepm-121

Go to the policies in the group where you require to modify.

Double click on Application and Device Control policy under policies.

Click on Application Control select the following options:

• Make all removable drives read-only
• Block writing to USB drives

Remove the USBSTOR* from Device Control.

Click Ok.

After the next heartbeat policy will be applied

Modify it. Leave it in test for a short time to "test" the change. You can review the logs to see what would be blocked and add necessary exclusions if needed. Once comfortable then switch to production.

Hi,

Thank you for posting in Symantec community.

Need to create a separate group & assign new RO policy to it. Move those senior team members PC to the same group.

Follow these steps:

1. ​Select Application and Device Control
2. Create a new  Application and Device Control policy, name specific like Read Only to avoid any conflict.
3. Click on Application Control and select the following options:
4. Make all removable drives read-only
5. Block writing to USB drives
6. Assign the policy to the client(s) in question
7. Reboot the client(s) to implement the policy.