Endpoint Encryption

  • 1.  USB device policy

    Posted Aug 21, 2013 02:43 AM

    We would like to temporarily disable the rule "Block writing to removable media" on a few computers, but we don't want to create an exception in Symantec Endpoint Protection Manager Policies. Is it possible to do it from the registry?

    On a 64-bit operating system: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions

    We need to do it locally on a computer where the user has full admin rights, only for 30 min, and then the user will set the registry entry back to default.

     

    Thanks,

    Mario



  • 2.  RE: USB device policy

    Broadcom Employee
    Posted Aug 21, 2013 03:11 AM

    try this

    https://www-secure.symantec.com/connect/articles/symantec-endpoint-protection-few-registry-tweaks

     

    12. How to disable Application and Device Control via registry

     

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysPlant

    Change the value of Start to 4. 1 means enabled.



  • 3.  RE: USB device policy

    Posted Aug 21, 2013 03:26 AM

    Hi,

    try this link below:

     

    How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.

    http://www.symantec.com/docs/TECH106304



  • 4.  RE: USB device policy

    Posted Aug 21, 2013 03:43 AM

    Unfortunately we still got a warning:

    symantec bitlocker.png

     



  • 5.  RE: USB device policy

    Broadcom Employee
    Posted Aug 21, 2013 04:02 AM

    did you change the registry setting?

    check device manager if driver is still enabled.

    easier way to do this is to create a new group and move the clients to the new group.

     



  • 6.  RE: USB device policy

    Posted Aug 21, 2013 04:27 AM

    yes, registry key has been set to 4

     

    regedit.PNG

     

    what driver should I verify in Device Manager?

    can you pls provide the path?



  • 7.  RE: USB device policy

    Posted Aug 21, 2013 08:55 AM

    In Device manager under non plug and play drivers, look for sysplant



  • 8.  RE: USB device policy

    Posted Aug 21, 2013 09:31 AM

    It is still Started, but Stop button is greyed out and I have full admin rights

    sysplant.PNG



  • 9.  RE: USB device policy

    Posted Aug 21, 2013 11:19 AM

    Depending on what you have configured in the Client User Interface Settings, and assuming you're using SEP12.1, the users (as local admins) can disable Application and Device Control with a simple checkbox.  See screenies.

    The user can then repeat the process to re-enable A&DC or SEP will automatically re-enable it after a reboot



  • 10.  RE: USB device policy

    Posted Aug 21, 2013 07:48 PM

    Doing it through the registry may not be possible, because after you modify the registry the values will be updated again as long as the client services are started.

    I would suggest creating a temp group in the SEPM under the existing group and move the concerned clients to that group and then create a new (or a non shared policy) for that group and disable the concerned rule. Once the job is done, move the clients back to the original group and delete the temp group.
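
The thread ends with Start set to 4 while the driver still shows as Started with a greyed-out Stop button. The following audit script is an added example, not part of any post and not Symantec's tooling: it compares the configured start type with the live driver state so drift between the two is visible. The key path and value name come from the thread; the function name and finding labels are this example's own.

```powershell
# Added example: compare the configured start type of the SysPlant driver
# (registry) with its live state (Service Control Manager). Read-only.
$ServiceName = 'SysPlant'   # driver name from the thread
$KeyPath     = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"

# Standard Windows meanings of the Start value under a Services key.
$StartTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-DriverFinding {   # hypothetical helper; labels are this example's own
    param([int]$Start, [string]$State)
    if ($Start -eq 4 -and $State -eq 'Running') {
        # Windows reads Start when a driver is next loaded, so a driver that is
        # already loaded keeps running after the value is edited.
        return 'Configured Disabled, but still loaded in this boot session'
    }
    if ($Start -eq 4)          { return 'Configured Disabled and not loaded' }
    if ($State -ne 'Running')  { return 'Configured to start, but not loaded' }
    return 'Configured to start and loaded'
}

$key = Get-ItemProperty -Path $KeyPath -Name Start -ErrorAction SilentlyContinue
$drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$ServiceName'" `
                       -ErrorAction SilentlyContinue

if (-not $key -or -not $drv) {
    Write-Warning "$ServiceName is not registered on this machine."
    return
}

[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    Driver     = $ServiceName
    StartValue = $key.Start
    StartType  = $StartTypes[[int]$key.Start]
    State      = $drv.State        # Running, Stopped, ...
    AcceptStop = $drv.AcceptStop   # False matches a greyed-out Stop button
    Finding    = Get-DriverFinding -Start $key.Start -State $drv.State
}
```

Run on a schedule across managed clients, a finding other than "Configured to start and loaded" flags a machine where the driver's configuration was changed outside SEPM policy.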