Endpoint Protection

Howdy All

I'm facing a problem with my customer because of an issue related to Device Control in SEP 12.1 where the logical partitions (D:\, E:\, etc.) will disappear after choosing to block "Storage Volumes" in the DC policy.

I also tried to add USBSTOR\Disk* as a device ID and then use it the policy. It works well (blocking only removable storages) until I reboot the machine, at which point it will block any partitions other than C:\.

I'm using the latest SEP 12.1.1.1 but I've faced this in all 12.1 versions down to the RTM. This wasn't an issue in SEP 11.x.

Please help!

Thanks

- Mohammad

remove the policy and apply only USB blocking.

Apply the USB blocking policy. If it not working then implement it as per attach below link

How Symantec Endpoint Protection Device Control processes Windows device GUIDs and device IDs.

http://www.symantec.com/docs/HOWTO60964

DevViewer - a tool for finding hardware device ID for Device Blocking in Symantec Endpoint Protection

http://www.symantec.com/docs/TECH103401

one more link

https://www-secure.symantec.com/connect/downloads/devviewer-tool-helpful-application-and-device-control-find-hardware-device-id-and-guid

Thanks Pete. Could you please elaborate more on this?

- Moh

Check out this Thread

https://www-secure.symantec.com/connect/forums/advice-how-block-usb-storage-devices

I've tried many, many solutions without a success. Even adding a special Device ID for removable storage only worked temporarily - upon a reboot it will no more have any effect and partitions will be lost again.

The only solution that really worked for me is blocking the USB port entirely and allowing desired device classes; like HID, printers, etc.

Thanks everyone!

- Moh