
USB Device Control

Created: 26 Jul 2011 • Updated: 26 Jul 2011 | 17 comments

Hi Guys,

I came to know that there is a method to block USB devices in Symantec using Device Control. So I tried it and found that all keyboards, mice and other devices connected by USB stopped working; after that I reverted the changes and they started working.

Now I need a clear method for blocking those USB devices except the keyboard, mouse and others.

Is there any way to apply this policy only for a particular group?

Kindly suggest..


Srikanth_Subra's picture

I have one doubt: if I exclude the Human Interface Devices, it will exclude the keyboard, mouse etc.

I added only USB to block, but why did the others get blocked?

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Rafeeq's picture

When you say USB, it will block all USB, so you need to exclude human interface USB.

Pete_ACC's picture

Go into Device Control and under Blocked Devices click add & select 'Disk Drives' in the device selection window - this will only block external drives. Adding 'Human Interface Devices' will block keyboards, mice etc.

Mithun Sanghavi's picture

Hello,

It is a simple understanding.

When you apply a policy to block USB only, that includes all USB devices. In today's world, mice and keyboards work on USB only. If I am not mistaken, you may have selected Block USB's

 

A few articles for quick access:

1) How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.

2) How to block USB flash drives while allowing other USB devices.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Srikanth_Subra's picture

I referred to these articles only before trying, but when I included the whole USB thing my mouse and keyboard got blocked, so only I am asking. It is not possible to find the USB devices roaming around, na, so only I asked you.

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Srikanth_Subra's picture

Kindly provide me the solution.

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Rafeeq's picture

Yes, not possible, so you need to use the DevViewer tool, which is found on CD2 of SEPM.

Find the device ID; add that ID to block USB.

You need to exclude human interface devices, or else it will block

PrabhakarJ's picture

Hi,

Let me summarize your problem and then a solution.

Problem: You need to block USB, Mass Storage and External Disks but want to keep access open for mice and keyboards. You want to implement this on a particular group.

Solution:

1. Create a group in SEP.

2. Click on the group name and navigate to the Policies tab.

3. Uncheck the option "Inherit policies and Settings from Parent Group".

4. Set all other policies as per your requirements.

5. Click on 'Application and Device Control Policy' and choose to Create a Non-Shared Policy Copy.

6. Click on the 'Device Control' tab on the left side.

7. Choose the devices that you want to block in the first part (USB, Camera, Flash Drive, Memory Cards, etc.).

8. Choose the devices that you want always open under the UNBLOCK category (HID devices).

- Please make sure you don't block IDE devices or Disk Drives, else all your laptops in that category will not be able to boot, with the drives blocked error - BLUE DUMP.

9. Most important: move all the clients to this group, apply all the tailor-made policies to the group, see if you can see the latest policies at the client end, and check if these work well.

 

Please check this and do let me know for any queries.

Thanks,

-PrabhakarJ

 

Thanks,

Prabhakar Joshi

Srikanth_Subra's picture

Hi,

I tried as you told, but some of the USB devices were not blocked and are showing under the categories storage volumes and disk drives. Why is this happening? It should show as USB only, na?

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Srikanth_Subra's picture

Please reply, I am awaiting the solution.

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Mithun Sanghavi's picture

Hello,

Could you please let us know what are those devices which are not getting blocked??

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Srikanth_Subra's picture

I've checked two USBs: one is a Moserbaer USB and the other is a China-made one. The first one was blocked under USB and the second one is allowed, showing as Storage device.

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

A. Wesker's picture

Based on what you want to do, you might try using an Application Control Policy only.

Instead of trying to block USB devices and adding a lot of exceptions by hardware ID, which can be very painful, why not choose to block USB drives for reading and writing, and that's all. No need to create exceptions, no need to collect Device IDs, etc.

It's really much easier management.

It will block the use of any external USB drives, USB Mass Storage, etc.

Mice and keyboards are not USB drives but input devices, so they will not be blocked by this rule.

And of course leave the rule "block access to autorun.inf" (already set by default) in place, and then you're done.

Please tell me if it works well or not.

 

Kind Regards,

 

A. Wesker

Srikanth_Subra's picture

Application Control Policy? How? But when I do it like this, does it mean it will block an external hard disk connected by USB also?

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Vikram Kumar-SAV to SEP's picture

Add a hardware Id USBSTOR\DISK*

Then from Device Control Block this device.

It will block only USB Disk Drives.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

A. Wesker's picture

Yes Srikanth,

The application policy I mentioned will block any use of any external USB devices on your USB port, except for mice, keyboards and webcams.

A user can plug in an external USB hard drive, but he will not be able to run anything from it and he will not be able to copy anything to it either, because of the rules that block reading/writing/autorun.inf.

If you want to add exception then follow the instructions given by Vikram ;-)
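A dry run of the block/exclude choices discussed in this thread, as an added example that is not Symantec's code and not part of any post. It is a simplified model, not SEP's matching engine: it assumes an exclusion overrides a block and that a device stops working when any of its device-tree nodes is blocked, and the inventory, its IDs and the helper names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed inventory (sample IDs, not taken from the thread). Each device is
# the list of (instance ID, setup class) nodes it exposes in the device tree.
INVENTORY = {
    "usb keyboard": [(r"USB\VID_AAAA&PID_0001\5&1", "HIDClass"),
                     (r"HID\VID_AAAA&PID_0001\6&1", "Keyboard")],
    "usb mouse": [(r"USB\VID_AAAA&PID_0002\5&2", "HIDClass"),
                  (r"HID\VID_AAAA&PID_0002\6&2", "Mouse")],
    "usb flash drive": [(r"USB\VID_BBBB&PID_0003\SN0001", "USB"),
                        (r"USBSTOR\DISK&VEN_X&PROD_Y&REV_1.00\SN0001&0", "DiskDrive")],
    "internal boot disk": [(r"SCSI\DISK&VEN_Z&PROD_W\4&1", "DiskDrive")],
}
# Devices the policy must never break (input devices and the boot disk).
MUST_WORK = {"usb keyboard", "usb mouse", "internal boot disk"}


def matches(rule, node):
    """rule is ("id", wildcard pattern) or ("class", setup class name)."""
    kind, value = rule
    instance_id, dev_class = node
    if kind == "id":
        # Device IDs are compared case-insensitively; '*' is the wildcard.
        return fnmatchcase(instance_id.upper(), value.upper())
    return dev_class.upper() == value.upper()


def blocked_devices(block, exclude, inventory=INVENTORY):
    """Devices with a node hit by a block rule and by no exclude rule."""
    hit = set()
    for name, nodes in inventory.items():
        for node in nodes:
            is_blocked = any(matches(r, node) for r in block)
            is_excluded = any(matches(r, node) for r in exclude)
            if is_blocked and not is_excluded:  # assumption: exclusion wins
                hit.add(name)
    return hit


def dry_run(block, exclude=()):
    """Return (blocked devices, blocked devices that must keep working)."""
    blocked = blocked_devices(block, exclude)
    return blocked, blocked & MUST_WORK
```

A non-empty second value means the candidate policy would cut off a keyboard, mouse or boot disk in this inventory and should not be pushed to the group as is.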