Endpoint Protection

 View Only

  • 1.  Using Application & Device Control simultaneously

    Posted Aug 16, 2016 08:37 PM

    I am looking to use Application & Device Control to block USB drives but allow exceptions for certain devices using Device Control and Device IDs. However, I'd also like to use the Application Control part of the policy to also log all files that are created, written, and modified on the USB drives. 

    My understanding from reading Symantec documentation is that these two parts cannot be used simultaneously and unfortuantely you can only apply one type of Application and Device Control policy to a group of computers.

    Any ideas on how to accomplish this? or does anyone know of a Windows feature (GPO maybe?) that will log all files being transferred between USB drives. 



  • 2.  RE: Using Application & Device Control simultaneously

    Posted Aug 16, 2016 08:51 PM

    Not sure where you read that but they can (and should) be used simultaneously. The policy contains options for both pieces.

    For Application Control, the default configuration already contains a rule to use - "Log files written to USB drives". This is the one you can start with.

    Here is KB article on blocking/allowing devices with Device Control:

    Block or allow devices in Endpoint Protection



  • 3.  RE: Using Application & Device Control simultaneously

    Posted Aug 16, 2016 10:02 PM

    https://support.symantec.com/en_US/article.TECH106304.html

    The last line under step C) states to not mix the two methods, although it only states for blocking and excluding drives. However, you state it should be used simultaneously but it's not very clear which parts you are referring to as well. 

    I'm testing using 12.3.5.3 with no luck.

    I can see logs for Application Control if I remove all Device Control objects and vice versa but using them together provides no events under the logs for either. In other words, either option works fine on its own but when I mix both the results are not what I should be expecting. 



  • 4.  RE: Using Application & Device Control simultaneously
    Best Answer

    Posted Aug 16, 2016 10:52 PM

    Ahh yes, my fault, that is correct. I read your original post as can only use Application or Device control but not simultaneously (overall).

    Yes, when it comes to blocking devices, pick whichever one you want and go with that. IMO, Application control is more customizable.



  • 5.  RE: Using Application & Device Control simultaneously

    Posted Aug 17, 2016 04:23 PM

    Sounds good, I'll see if I can easily configure Application Control to block all USB drives except ones I specify under a whitelist. Thanks!