Endpoint Protection

  • 1.  Advice on how to block USB Storage Devices

    Posted Nov 24, 2009 07:00 AM
    Hi

    I am looking to set up a policy which will block all USB storage devices for around 2500 users. The users will be able to use devices which have been allowed by the IT dept adding them to the exclusion list, but I am unsure of the best way of doing this.

    I think the best way is to block the class ID \ GUID ID (to block all devices); then, once we check the devices on a standalone, they will be added to the exclusion list using the device ID.

    The more I read into this, though, it looks like there is a big possibility of blocking HDDs on PCs, which will cause them to reboot constantly. I have also been told that we can get round this by adding the class ID from the HDDs to the exclusion list, but we currently have 4 different Dell PCs, 2 Lenovo and 2 HP. We also replace older PCs twice a year, which means different models yet again; this means we will have to keep adding class IDs to the exclusion list.


  • 2.  RE: Advice on how to block USB Storage Devices

    Posted Nov 24, 2009 07:10 AM

    Title: 'How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.'
    Document ID: 2008102008020548
    Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008102008020548?Open&seg=ent

    Title: 'Why does Application and Device Control sometimes block USB Mass Storage Devices?'
    Document ID: 2009040311291948
    Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009040311291948?Open&seg=ent


    Title: 'How to block USB flash drives while allowing other USB devices.'
    Document ID: 2008022822274348
    Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008022822274348?Open&seg=ent


  • 3.  RE: Advice on how to block USB Storage Devices

    Posted Nov 24, 2009 08:41 AM
    Thanks Prachand, but I have already read these guides and still need to know the following:

    1. How to block all USB storage devices on every PC without blocking any HDDs in the PCs

    2. Adding the Device ID of the USB storage devices which will be added to the exceptions list in the future; all I can do just now is add a class ID


  • 4.  RE: Advice on how to block USB Storage Devices
    Best Answer

    Posted Nov 24, 2009 08:51 AM
    In the device control policy:
    Block -- all USB drives
    Exception -- Human Interface devices.

    Now all USB flash drives will be blocked. If there is any you want to allow, add a Device for that in the exceptions.

    For Device ID we also support the use of wildcards "*" and "?":
    • Asterisk (*) means zero or more of any character
    • Question mark (?) means a single character of any value
    Examples:
    • Any USB storage device: USBSTOR*
    • Any USB disk: USBSTOR\DISK*
    • Any USB SanDisk drive: USBSTOR\DISK&VEN_SANDISK*
    • Specific SanDisk device: USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0
    • Specific Kingston device: USBSTOR\DISK&VEN_KINGSTON&PROD_DTSECURE_PRIVACY*

    https://www-secure.symantec.com/connect/forums/device-controlcan-i-use-wildcard#comment-2228781
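Added example, not part of the original thread and not Symantec's code: a small Python checker that applies the `*` / `?` wildcard rules from the answer above to a device inventory, so a block list and exception list can be dry-run before rollout to confirm that internal disks are not caught. The inventory entries other than the SanDisk ID are constructed, and case-insensitive whole-ID matching and "exceptions override blocks" are assumptions.

```python
import re

def wildcard_to_regex(pattern):
    """Translate a device ID pattern: '*' = zero or more chars, '?' = exactly one."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # '\' and '&' are literals in device IDs
    # Assumption: matching is case-insensitive and anchored to the whole ID.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def matches(device_id, patterns):
    """True if the device ID matches at least one wildcard pattern."""
    return any(wildcard_to_regex(p).fullmatch(device_id) for p in patterns)

def evaluate(device_id, blocked, exceptions):
    """Return 'allow-exception', 'block' or 'allow-unmatched' for one device ID."""
    if matches(device_id, exceptions):
        return "allow-exception"  # assumption: exceptions win over block entries
    if matches(device_id, blocked):
        return "block"
    return "allow-unmatched"

# Patterns taken from the examples in the answer above.
BLOCKED = ["USBSTOR*"]
EXCEPTIONS = [r"USBSTOR\DISK&VEN_KINGSTON&PROD_DTSECURE_PRIVACY*"]

# Inventory: first ID is the one quoted in the thread; the rest are constructed
# placeholders shaped like USB and internal (IDE/SCSI) disk device IDs.
INVENTORY = [
    r"USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0",
    r"USBSTOR\DISK&VEN_KINGSTON&PROD_DTSECURE_PRIVACY&REV_1.00\CONSTRUCTED01&0",
    r"IDE\DISKCONSTRUCTED_INTERNAL_HDD\5&CONSTRUCTED&0&0.0.0",
    r"SCSI\DISK&VEN_CONSTRUCTED&PROD_INTERNAL_SSD\4&CONSTRUCTED&0&000000",
]

def audit(inventory, blocked=BLOCKED, exceptions=EXCEPTIONS):
    """Map every device ID in the inventory to its policy verdict."""
    return {dev: evaluate(dev, blocked, exceptions) for dev in inventory}

if __name__ == "__main__":
    for dev, verdict in audit(INVENTORY).items():
        print(f"{verdict:16} {dev}")
```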





  • 5.  RE: Advice on how to block USB Storage Devices

    Posted Nov 25, 2009 03:32 AM
    Thanks