Hello,
Here are the Steps to block the USB Drives -
1. First you have start and logon to “Symantec Endpoint Protection Manager”
2. In the main windows | tool bar select: “Policies” | Hardware Devices | right click and ADD
3. In Device Name write “USB Storage” and Device ID “USBSTOR*.*” | OK
4. Then click inside “Application and Device Control” in the main menu and then right click inside “Application and Device Control” and Edit.
5. Device Control | Blocked Devices and click Add
6. Select “USB Storage” and click OK
7. Active Notification: Mark: “Notify users when deviced is blocked”, click “Specify Message Text” ) | add messange | OK (c) and click OK.
8. To assign to the policy just click in “ASSIGN”
9. Select the group to be applied and click “Assign”
10. Done the policy will updated to all workstation member of this group.
Check these Articles:
How to Block or Allow Devices in Symantec Endpoint Protection
http://www.symantec.com/docs/TECH175220
How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.
http://www.symantec.com/docs/TECH106304
How to block USB Keys with SEP
http://www.symantec.com/docs/TECH106361
Also, Check these Threads:
https://www-secure.symantec.com/connect/forums/how-block-usb-using-sepm-windows-7
https://www-secure.symantec.com/connect/forums/usb-device-control-2
https://www-secure.symantec.com/connect/forums/sepm-121-application-and-device-control
Hope that helps!!