Endpoint Protection

Dear All,

I have created a policy in SEPM 12.1.4 for USB Block and some data card  allow, But it is not working properly, after applying this policy all web camera get blocked even some scanner’s and printer’s are blocked.

I have already excluded all printer and data card ( Vodafone 3 G, MTS, Tata photan) etc and printer. By device ID.

Even it is very difficult to provide all printer’s device ID, and data cards device ID and scanner device ID.

Is there any way to allow all printer by providing single device ID or class ID.

Each manufacturer may have a different ID, there really isn't a clean cut solution for this. You can use DevViewer to get the ID and exclude using a wildcard

Symantec Endpoint Protection Device Control: excluding devices from blocking show inconsistent results

http://www.symantec.com/docs/TECH145804

the devviewer tool can tell you the class id the one's thats not present in SEPM.

how can I see class ID, pls share the screen shot

Guid is class id, you can add it using dev viewer.

Open devviewer and it will show you. You can see it here:

DevViewer - a tool for finding hardware device ID for Device Blocking in Symantec Endpoint Protection

Obtaining a class ID or device ID

You mean guid means class ID.

Means if I salect guid for HP printer then it will allow all HP printer.

It will only allow for that specific device

It will be very difficult for all HP scanner, means I have to add class ID for all scanner's and printer and data card too.

is there any way to add a single class ID for all HP printer and all Tata photan data card etc. because there is lot's of scanner and printer's in my office and not possible to add one by one by adding class ID or device ID.

If they have a similar ID than you can use a wildcard, for example *hp* or something similar to that.

There is no option to add in bulk though

SEPM already has a predefined set of hardware device IDs, although I don't see anything specific to an HP printer

You're best bet is to use a wildcard * to define an entire dataset and see if this works.

You can add the device id of hp printer till rev. after that add the asteric(*) sign.

http://www.symantec.com/avcenter/security/ADC/Configuring_Application_Control_1.1.pdf

*Edit*

Eg - USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0

Chooser till  - USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO* (add *)

For more reff

https://www-secure.symantec.com/connect/articles/how-block-or-allow-devices-symantec-endpoint-protection

thank you all