Endpoint Protection

Hi

Yesterday in our office one of my colleague who is under USB BLOCKED GROUP  informed me that his USB flash memory is not working.I got really shocked when he asked this question to me since how come he can access USB FLASH memory when he is under USB BLOCKED GROUP.

And moreover I again and again confirmed with that guy because he told that he copied some songs which he dwonloaded and copied to his neighbour's FLASH MEMORY and given.

Shocked and went immediately to the symantec manager console and checked ; still he is under USB BLOCKED GROUP only and in his pc's symantec client which also shows as under USB BLOCKED GROUP.

Can anybody please suggest the reason and how to ensure the real USB protection to prevent virus attack and data leak?

Thanks & Regards

S.Swaminathan 

Check first if your clients have 64-bit OS. Application and Device Control (ADC) only works on 32-bit Windows OS.

If it's currently working I'd think that confirms that it's a 32-bit OS. 

When was Application and Device control installed? Was the machine rebooted after A&DC installation? 

Are there any exclusions in place to allow specific USB keys (based on device ID) in your network? 

Hello,

Few Things to check on his machine.

1) Was the machine restarted after the ADC policy applied?

2) Is the SEP installed with NTP and ADC?

3) Are the Policies created by taking samples of each USB's device ID OR Are there any exclusions created OR are all the USB's blocked?

Make sure you check the same!!

Hi

In our company all the pc's are having windows xp professional sp3 except few which are having windows 7 professional 32 bit.

This problem happened a few times only in some pc's but not repeating after the next day pc restart when the particular client came in the morning and restarted the pc.

How to ensure that all the pc's are USB BLOCKED from the sepm console?Is there any log to check in that console?

Please advise!

Thanks & Regards

S.Swaminathan

There is no rule testing in Symantec.Hope gets implimented soon as that we can test a rule before implimenting it.

I recommend creating a test group and placing test clients in there (or moving single clients into that group if you don't have the resources). 

Hi

The delayed response is due to company holidays.What I found from the pc where usb port allowing files to be copied from the pc is not the flash memory ( USB THUMB DRIVE).I checked from the same pc by asking the user to demonstrate.What I observed is he is copying the files from his pc to his Nokia E72' memory .

How to block even this type?

Sounds like you need to use devviewer (found in the tools folder on the installation media) and either block by class or device id.