Endpoint Protection

Hi,

I have started using Symantec Endpoint Protection from 11 then moved on to 12.1 and recently i migrated to 12.1RU1. I was able to block the USB devices in 11 and 12.1. But when i recently migrated to 12.1RU1, Users are able to use the USB devices even though the policies says USB devices is in the blocked device list in Application and Device Control.

For further clarity on this issue i have attached a screen shot of the policies i have set for Application and Device Control

Are you sure the ADC policy made it to the client? Make sure the policy number on the client matches that of the one on the server.

Yes i did check on that and the policy numbers do match.

the one that is allowed, did you check if that falls under USB?

hello Pete,

I don't understand  what u mean by "the one that is allowed"

can you run devviewer and check under which category the device falls ?

Please verify whether you have added Storage Volume into the excluding list. If present kindly remove and hen check.

According to the policies in place in your jpg, you are only blocking writing to USB drives and executables from running from them. There is no policy enabled or even created in your list for blocking reading from a USB drive.

I have personally found that adding storage volumes can be quite dangerous, depending on the environment. 

For example, when using "hardware RAID", externallly attached framestores and other utilizations.

I had machines configured for 4 disk striping and when I installed SEPM, it blocked the "storage volume" which made the machine unbootable in anything but safe mode.  I had to uninstall SEP from there.

The same thing with Fiber attached and Ethernet attached external framestores (storage volumes).  Was quite a pain. 

hello Reg2Post,

Yes i known that. I had enabled that option cause the users were able to use the USB device.

Well in that case can u tell me how to create a policy to block them from reading.

But i thought once you put the USB device under the blocked devices list you don't have to create a specific policy to block them so that the users won't be able to read or use the device.

hello Pete,

The USB devies are being used by the users. According to the company policies they are not supposed to use pen drive, so they obviously won't give their pen drives to run a devviewer on it. I know it seems a little complicated.

Hello Support-2-support,

Yes the storage volumes are in the excluded list. But according to Jason it is not advisable. So can please suggest some other method.

 Thank You.

If your users are on Win7 you can use a Group Policy. If they are WinXP you will have to use a registry change.

But maybe you can get the result you want by taking storage volumes off the excluded list.

From what I can see, Jason1222 was commenting not to put Storage Volumes on the blocked list.

SUPPORT-2-SUPPORT was asking to remove the Storage Volumes off the excluded list and check to see if that resolves the issue.

I agree that you should try removing Storage Volumes off the excluded list because that would allow your USB storage devices.

Hi,

Try to repair one client & see the issue is still there or nor.

First off, to try to determine why it was working before and what has changed to stop it from working now.  It may be worth logging on locally to one of these SEP Clients and checking via Add/Remove Programs (or the Vista/7 equivalent) to see if the Application and Device Control component is installed.  Is it possible that when you upgraded the clients that their feature sets had been changed?

As a second point, the device control part of your policy appears a bit messy, and would likely add administrative overhead further down the line.  What exactly do you want to block and allow?