Video Screencast Help

Symantec Endpoint Protection - USB device logging

Created: 04 Aug 2011 | 1 comment
BobJ's picture
3 Agree
0 Disagree
+3 3 Votes
Login to vote

We would like to obtain the IDs of USB devices BEFORE blocking any so that we can establish the size of the problem/project we face in locking down USB devices.However we'd like to be able to leave USB devices working whilst this is happening. In SEP 11 policy terms we'd really like to be able to select the Device Contol portion of the policy and (say) add USB devices to the allowed section and set a flag to log USB devices attached (where currently it only logs Blocked USB devices).

Ideally both Class and Deice IDs would be returned but Device IDs would be sufficient.

The report provided in the Monitors section of the console would be identical to that provided now for blocked devices (may be worth stating if the device was allowed or blocked though since different groups may have diferent policies applied, i.e. some blocking and some monitoring)

(It is currently only possible to obtain device IDs of USB devices that are blocked (and logging enabled)).

Comments 1 CommentJump to latest comment

Adrian McA's picture

I raised a similar idea to be able to view the class id of devices that are logging writes to USB.

0
Login to vote