Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

USB Block

Created: 27 Sep 2012 • Updated: 01 Oct 2012 | 8 comments
This issue has been solved. See solution.

I have been using SEPM for last 5 years. My SEPM ver. 12 RU1 MP1

Please check my USB device control policy. I installed new SEP 64 bit client to WIN 7 64bit HP branded PC's. I got complains from all users that the can not see their D: drive. It blocked by Symantec. 

I tried removing Storage volumes from the policy and then solved the issue but USB flash drives get detected. We are not allowed USB flash drives for all users.I'm in a big trouble now..

Do I have to Block Storage volumes to disable flash drives ?

I checked lot of guides provided by Symantec and forums. But couldn't block USB flash drives without blocking Storage volumes class.

I don't want to get device ID's of internal hard disk partitions.

Pls provid a proper solutions for this...

Comments 8 CommentsJump to latest comment

Ashish-Sharma's picture

HI,

How to use Application and Device Control to block all USB devices except those I specifically want to allow

http://www.symantec.com/business/support/index?page=content&id=TECH105770&actp=search&viewlocale=en_US&searchid=1334609914324

Check this thread

http://www.symantec.com/connect/forums/how-block-usb-using-sepm-windows-7

Thanks In Advance

Ashish Sharma

pete_4u2002's picture

is D:\ under storage? did you check the dev viewer?

Mohan Babu's picture

Can you please check what Pete suggested... Hope it will be easier to isolate hte issue...

Mohan Babu

moglie20@gmail.com

+91 9884382160

Your satisfaction is very important to us.If you find above information helpful or it has resolved your issue...please mark it accordingly :)

SMLatCST's picture

Have you tested the below at all?

Create new hardware device with device ID of:

USBSTOR*

Add this new hardware device entry to the block list and remove storage volumes (this can also replace you current USBSTOR\Disk* entry too).

Doing this will specifically target USB storage devices, and is my personal preferred method of blocking.

Hope it helps.

Mithun Sanghavi's picture

Hello,

I would suggest you to check these Articles:

How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.

http://www.symantec.com/docs/TECH106304

How to Block or Allow Devices in Symantec Endpoint Protection

http://www.symantec.com/docs/TECH175220

and 

WhitePaper on Application and Device Control:

http://www.symantec.com/avcenter/security/ADC/Configuring_Application_Control_1.1.pdf

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Nagesh Singh's picture

Hello,

I would suggest you to check these.

In order to import the policy:

  1. Download the attached policy file
  2. Go to the "Policies" page.
  3. Select Application and Device Control.
  4. Click Import an Application and Device Control policy.
  5. In the "Import Policy" dialog box, browse to locate the ".dat" file that you have downloaded.
  6. Click Import.
  7. Apply the new imported policy to your clients.

Thanks & Regards,

Nagesh Singh

Nagesh Singh's picture

Please find the Attachment.

AttachmentSize
Application and Device Control policy for USB Block.zip 407.22 KB

Thanks & Regards,

Nagesh Singh

PRABHATH_R's picture

Thanks...

I found out Disk drives class shouldn't be in exclude devise group

If you exclude this from blocking it will allow USB flash drives even USB class is blocked.

Do not include Disk Drives and Storage Volume class to any Group if need to block USB class

SOLUTION