There were issues on SEP 11 with TrueCrypt container files and ADC.

Compatibility between TrueCrypt and Application and Device Control

http://www.symantec.com/business/support/index?pag...

Hope this helps,

Thomas

I am interested in specific hardware that is designed as an encrypted USB device, not an unencryped device that happens to run encryption software.

https://support.ironkey.com/article/549

I have yet to locate any information on Symantec's website giving specific information on full encrypted USB thumb drives working within the SEE/Device Control environment. Rather than hunt for vendors that produce encrypted USB drives I thought perhaps Symantec might have a list of vendors they have worked with in the past that have been able to get their devices to work within the environment.

...if you have the options set within SEE-DC to block the 'Smart Functionality'?  It sounds as if this might be blocking your Ironkey from loading it's own authentication software, and would likely do the same for other encrypted devices.

I'm not aware of a list of supported encrypted removable storage devices though.

It's worth noting that SEE-DC is able to detect PGP and SEE-RS, and manage devices accordingly.  I know you weren't after encryption software but there you go.

I can tell you after trying for months to get a Stealth MX drive to work, that it may be difficult.

This thumb drive causes a BSOD when swiping a finger. Not consistent. Vendor did not want us to submit a sample device to Symantec. I guess that they felt that their secrets were at risk.

I discovered that the unsecured partition is formatted fat16 and that is the issue. Had they formatted it fat32 the problem could be avoided. They were not perceptive to my suggestion.

What I implemented is from network drive and USB drive I blocked any posible extension files posible cause for source of infection. For encryption, I'm not able to find any settings.

I implemented to block USB drives from network..and blocked some exe and mps file extensions.we are also looking for encryption?

We are using ironkeys without a problem. When you first connect an ironkey it "shows" itself to the system as a CD-ROM drive. The unlock software of the ironkey is located on this "CD-ROM" drive. When you run the executable you can unlock the usb key and mass storage part of the ironkey is made visible.

If you create an allow policy to only allow read and/or write operations to mass storage devices with the ironkey USB DEVICE ID you can block other mass storage devices and only allow ironkeys.