Hello,
Check out this article, this should help -
How to make USB drives read-only with Symantec Endpoint Protection using Application and Device Control
http://www.symantec.com/business/support/index?page=content&id=TECH95813
After setting up an Application and Device Control policy to block CD writing, CD writing is not blocked as expected, and write attempt is not logged
set here as read only ( as mentioned in article)
http://www.symantec.com/business/support/index?page=content&id=TECH104800
You can make CD/DVD read only by editing the USB read only policy (Application Control default policy) and then edit the * in the policy and select CD/DVD.
You need to be aware that CD/DVD ready only is only partially applied using Application Device Control.
Only when CD/DVD writing is done using Windows Writer using EXPLORER.exe then only application control will block it.
If you do it using Nero or any other program SEP will not block it. You will have to block such programs using Application Control.
Check this Thread:
https://www-secure.symantec.com/connect/forums/regarding-policy
Hope that helps!!