Endpoint Protection

Hi

I am fairly new to SEP and am trying to block access to all forms of USB storage on our client machines. I have made USB flashdrives read only, but this only accounts for flash drives and not larger capacity USB drives. Am trying to find out what the definition is for "storage volumes" under the Device Control section. I have added this to the list of blocked devices and tested it on a single machine by plugging in a 300gb usb drive, but it comes up as per normal.

I am still on v11 without any MR updates applied as of yet.

Any assistance would be greatly appreciated.

Thanks v much.

first of all don't use anything lower than MR3. For more detailed infromation about Device Control please check the manual and Knowledge Base (i.e.

How to block USB ThumbDrives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.)

first of all don't use anything lower than MR3. For more detailed infromation about Device Control please check the manual and Knowledge Base (i.e.

How to block USB ThumbDrives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.)


Thanks for the reply, will get on to it.

Bruce

is that it does not tell you that the full Device ID is unique between client computers. For example, we have desktop scanners we want to allow. When we followed those procedures it allowed the scanner, but only on the computer we gathered the Device ID from. It blocked it on all others. In addition, it's supposedly possible for the Device ID on a given computer to change if other USB devices on the computer are removed or installed.

If the Device ID looks like this: USB\VID_05DC&PID_A430\302AC711204744131005 and you allow precisely that, it won't work on another computer.

If you enter it wildcarded like this:

USB\VID_05DC&PID_A430\*

it will work on other computers.

FWIW,

Ray