How to make USB drives read-only with Symantec Endpoint Protection using Application and Device Control

Article:TECH95813  |  Created: 2009-01-26  |  Updated: 2009-01-09  |  Article URL
Article Type
Technical Solution




How can I ensure that Symantec Endpoint Protection clients have read-only access to USB drives?


To limit SEP clients to read-only USB drive access, create/edit and assign an appropriate Application and Device Control policy using the following steps:
  1. Install Symantec Endpoint Protection, including the Network Threat Protection feature, on the clients where USB drives will be used
  2. Ensure that the clients is communicating with the Symantec Endpoint Protection Manager (SEPM)
  3. Log on to the SEPM console and click on the Policies tab in the left hand window pane
  4. Select Application and Device Control
  5. Create a new policy or edit an existing Application and Device Control policy
  6. Click on Application Control and select the following options:
    • Make all removable drives read-only
    • Block writing to USB drives
  7. Assign the policy to the client(s) in question
  8. Reboot the client(s) to implement the policy.

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices