Hello,
Here are the Steps:
1. First you have start and logon to “Symantec Endpoint Protection Manager”
2. In the main windows | tool bar select: “Policies” | Hardware Devices | right click and ADD
3. In Device Name write “USB Storage” and Device ID “USBSTOR*.*” | OK
4. Then click inside “Application and Device Control” in the main menu and then right click inside “Application and Device Control” and Edit.
5. Device Control | Blocked Devices and click Add
6. Select “USB Storage” and click OK
7. Active Notification: Mark: “Notify users when deviced is blocked”, click “Specify Message Text” | add message | OK (c) and click OK.
8. To assign to the policy just click in “ASSIGN”
9. Select the group to be applied and click “Assign”
10. Done the policy will updated to all workstation member of this group.
Link to create exception:
http://www.symantec.com/docs/TECH104299
http://www.symantec.com/docs/TECH106304
Conclusion: All USB ports will be blocked. As we know Information Management is very important.
Also, check this Amazing Article: