Video Screencast Help

usb device blockage

Created: 17 Sep 2012 • Updated: 18 Sep 2012 | 5 comments
This issue has been solved. See solution.

pls provide step to create the policy to disable the USB device

Comments 5 CommentsJump to latest comment

rs_cert's picture

this the exact link for your required detail

http://www.symantec.com/business/support/index?page=content&id=TECH104299&locale=en_US

 

Below step

  1. Open an existing policy or click Add an Application and Device Control Policy.
  2. Click on the Device Control tab.
  3. Under the Blocked Devices section click the ADD button and select the USB option.
  4. Click the ADD button under Excluded from Blocking and select, one by one, all of the other devices that use USB that should not be blocked (eg: pointing devices, keyboard, cameras, joysticks, HDD, etc. )
  5. Click OK to save the changes and assign policy.
SOLUTION
.Brian's picture

Previous thread will help:

https://www-secure.symantec.com/connect/forums/blo...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Jamit's picture

Some experiences I have had with USB blocking (SEP11) using the following guides from Symantec. 

 

How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection

http://www.symantec.com/business/support/index?pag...

Allowing approved Devcies 

http://www.symantec.com/business/support/index?pag...

We also have had staff work around the above some examples are;

On Andriod devices there is a USB Debugging feature. This particular user was using a Samsung Galaxy S2 on andriod 2.3.5 (Gingerbread). The SEP client did popup and say it had blocked the device but the user pressed on the device disconnect and connect and was able to browse copy and paste to the phone  from there PC. 

Jail Broken iPhone's with a application call iExplorer installed could also access there mass storage. However the user would also need elivated privlages to there workstation for this to work. 

Another one was able to share a network drive from the using device and then brouse to the share from the local machine. Again the user needs to have the access to share a drive. 

Also note that SD Cards are not block by USB Thumbdrive polices. You will need to develop separte policy for these devices. I stopped my investigation into SD cards when I plugged I got two different SD Cards and they presented 2 different device ID's. This was on one particular model of Dell laptop though. This to us meant that we would possibly have to have a sample of each SD ever produced. 

Also remember that SEP 11 for Windows 7 64bit does not support Application and Device control. 

 

 

 

 

Ashish-Sharma's picture

How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection

http://www.symantec.com/business/support/index?page=content&id=TECH106304.

How to Block or Allow Devices in Symantec Endpoint Protection

http://www.symantec.com/business/support/index?page=content&id=TECH175220

Check this thread

https://www-secure.symantec.com/connect/forums/how-can-i-disable-usb-flash-device-through-sepm

Note: When you will apply policy Check NTP Feature also Installed IN sep client.

Thanks In Advance

Ashish Sharma