Endpoint Protection

 View Only

  • 1.  Symantec EndPoint block device

    Posted Sep 28, 2011 03:22 AM

    Dear Support,

    We are using SEP Device Control Center to block all devices except of some Wireless keyboard and mouse devices using the unique GUID key per device. I see in Microsoft that there is an easy way for a user to create custom properties for a device and assign custom GUID.

    Can users see the GUID that they have on there mouse device for example and then remove mouse and assign the GUID to an exeternal storage in order to trick Symantec End Point and allow access to their storage device?

    If this is doable then how this can be locked and how we can avoid it?

     

    Regards,

    John



  • 2.  RE: Symantec EndPoint block device

    Broadcom Employee
    Posted Sep 28, 2011 03:49 AM

    Policies are set on SEPM hence only few administrators will have acces to SEPM to edit the policy, only those users can edit the policy not the end user on client machine.



  • 3.  RE: Symantec EndPoint block device

    Posted Sep 28, 2011 04:33 AM

    Only admin has access to change the policy correct but

    If User attach a storage he will get the message that his device is blocked. but if he removes his mouse for example that is allowed and assign the mouse GUID to the storage? Then Symantec will not block the storage because it has the allowed GUID that the mouse had before. correct?



  • 4.  RE: Symantec EndPoint block device

    Trusted Advisor
    Posted Sep 28, 2011 07:16 AM

    Hello,

    I believe you are talking about this Article: 

    http://msdn.microsoft.com/en-us/library/windows/hardware/ff540199(v=vs.85).aspx

    However, I am failing to understand how would somebody know what is allowed and what is not allowed and how has been the policy designed and applied??