Endpoint Protection

 View Only

  • 1.  Symantec Device Control Settings

    Posted Jul 04, 2013 04:38 AM

    Hi,

    We are using symantec EP v12.1.2 

    We are facing some issues in blocking the USB devices , if we block storage volumes in blocked device in device control policy, all the users using symantec clients blocks the internal disk drive (example D:/ ,E:/ but it excluding C:/ drive ...

    Our requirement is to block the USB drives and external hard disk..

    second thing usb storage drives should automatically detect by symantec clients without using "devViewer" tool

    Eventhough we have excluded the storage vloume, disk drives in device control the disk drives are unable to see in cleint systems...

    Solution we did is, we have restored the systems in restore point option

     

    Please advice for the same,

     

    Regards,

    krish...

     

     



  • 2.  RE: Symantec Device Control Settings

    Posted Jul 04, 2013 08:13 AM

    The C: drive is not considered a "removable device" This is for the OS.



  • 3.  RE: Symantec Device Control Settings

    Posted Jul 04, 2013 08:28 AM

    Ok ....

    Then how to differnciate the inside drive and external drive in SEPM 

    .....Only thing to block the external storage device ... (eg : Pendrives and external harddisk)

     

    rds,

    krish..



  • 4.  RE: Symantec Device Control Settings

    Posted Jul 04, 2013 09:45 PM

    import this policy 

    https://www-secure.symantec.com/connect/forums/sepm-not-block-external-usb-hardisk

     



  • 5.  RE: Symantec Device Control Settings

    Posted Jul 05, 2013 03:48 AM

    I normally recommend creating a hardware device (in Policies -> Policy Components -> Hardware Devices), using the below string:

    USBSTOR\*

    This is already used in the application control policies relating to USB and removable storage control, so is nothing new, and should match most usb storage devices.



  • 6.  RE: Symantec Device Control Settings

    Posted Jul 05, 2013 05:21 AM

    Hi

    Please exclude the Storage Volumes as it might happen that the drives which are missing would be your logical drives

    Regards



  • 7.  RE: Symantec Device Control Settings

    Posted Jul 06, 2013 01:05 PM

    Agree with SMLatCST, you can use the usb store to disable external drive.

    USBSTOR\*

    How to Block or Allow Devices in Symantec Endpoint Protection

     

    Article:TECH175220  |  Created: 2011-11-23  |  Updated: 2012-05-31  |  Article URL http://www.symantec.com/docs/TECH175220

     



  • 8.  RE: Symantec Device Control Settings

    Trusted Advisor
    Posted Jul 08, 2013 10:46 AM

    Hello,

    Any USB Storage device
     
    USBSTOR*
     
    Any USB Disk
     
    USBSTOR\DISK*
     
    Any USB SanDisk drive
     
    USBSTOR\DISK&VEN_SANDISK*
     
    Any USB SanDisk Micro Cruzer drive
     
    USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO*
     
    A specific SanDisk device
     
    USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0

    Check these Articles:

    How to block USB flash drives while allowing other USB devices.

    http://www.symantec.com/docs/TECH104299

    How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.

    http://www.symantec.com/docs/TECH106304

    How to Block or Allow Devices in Symantec Endpoint Protection

    http://www.symantec.com/docs/TECH175220

     

    Hope that helps!!