Symantec EndPoint MR4 blocks HP Workstations Hard Drives causing BSOD (11.0.4x)
Hey Everyone,
Need a bit of help.
We are having a strange issue were I am setting up device control for removable devices.
I have setup the policy and applied it to my laptop and it works perfectly blocking removabe devices.
When I apply the policy to HP Workstations the machines HDD gets blocked and the PC BSOD. After that I need to go to Safe mode and re apply the old policy.
I used the devtool on CD 2 to look for the device ID and add it into Symantec. The only problem is every PC has a different device ID and we have different models of the HP mainly the xw4400.
I don't really want to exlude the hdd of 30 PCs in our office.
I have one policy that blocks a few applications and also blocks devices.
Disk Drives
Floppy
I have also enabled the rule to only filter removable drives.
Here is an example of what Symantec blocks.
[class name]: <Unknown>
[guid]: {4d36e967-e325-11ce-bfc1-08002be10318}
[device id]: IDE\DISKST380815AS______________________________3.CHF___\52393758584A574D202020202020202020202020
[MFG string]: (標準ディスク ドライブ)
[provider]: Microsoft
[driver data]: 2001/07/01
[driver version]: 5.1.2535.0
[hidden device]: false
[Disabled]: false
[PNP device]: true
[can be disabled]: true
[device node]: 0xf8c
[class name]: <Unknown>
[guid]: {4d36e967-e325-11ce-bfc1-08002be10318}
[device id]: IDE\DISKST380815AS______________________________3.CHF___\523937585A4A4B35202020202020202020202020
[MFG string]: (標準ディスク ドライブ)
[provider]: Microsoft
[driver data]: 2001/07/01
[driver version]: 5.1.2535.0
[hidden device]: false
[Disabled]: false
[PNP device]: true
[can be disabled]: true
[device node]: 0xf6c
If anyone could help with this it woudl be greatly apprecaited.
Please note although very
Please note although very simular the device ID are different on those two entries.
Try by creating exclusion
Try by creating
exclusion based on guid (Class Id)
Below doc can help you in this..
How to block USB Thumb Drives and USB Hard Drives, but
allow specific USB Drives in the Application and Device Control Policy in
Symantec Endpoint Protection
consider this possibility also.
How to block USB flash drives while allowing other USB devices.
Class ID
Can you try using the class id instead and see whether it makes a difference
Thanks & Regards
Sandip C Sali
Thanks for your all input.
Thanks for your all input.
The problem is if I exclude based on Class ID it will allow all hard drives and even my thumb drive has the same class ID e.g.
{4d36e967-e325-11ce-bfc1-08002be10318}
I need to allow the hard drives on the HP workstations but block USB thumb drives...
I can't block USB either as I need to be able to use bar code readers, and windows mobiles phone with active sync.
Any other ideas?
[can be disabled]: true
I think the main problem might be is with the HP Workstation there hard drives come up with
[can be disabled]: true
When I use dev view and look at the hard drive on my laptop that the policy works on I get this:
[class name]: <Unknown>
[guid]: {4d36e967-e325-11ce-bfc1-08002be10318}
[device id]: IDE\DISKTOSHIBA_MK6025GAS_______________________KA200A__\5&2288DCF3&0&0.0.0
[MFG string]: (Standard disk drives)
[provider]: Microsoft
[driver data]: 7/1/2001
[driver version]: 5.1.2535.0
[hidden device]: false
[Disabled]: false
[PNP device]: true
[can be disabled]: false
[device node]: 0xfcc
Why would a hard drive hosting a operating system come up with that?
Would you like to reply?
Login or Register to post your comment.