Gather the Device ID of device(s) using the DevViewer tool:
1. Find the DevViewer.exe tool on the SEP 11.0.X CD2 in the CD2\Tools\NoSupport\DevViewer folder.
2. Plug in the device you want to gather the GUID from.
3. Run the DevViewer.exe tool and browse to find the device. (Example, for a thumb drive, look under Disk drives)
4. Select the device, and on the right you will see information about the device.
5. Right click the [GUID] and select Copy GUID.
6. Exit the DevViewer Tool.
Add the Hardware Device into Symantec Endpoint Protection Manager policy:
1. In the SEPM, select the Policies view.
2. In the upper left corner of the console, under the View Policies section, click on Policy Components to expand the sub-list.
3. Under Policy Components, select Hardware Devices.
4. Under Tasks, select Add a Hardware Device
5. Type in the Name you wish to call your device (example: Administrator's Thumbdrive).
6. Select the class ID option, click in the text box and use CTRL-V to paste the Device ID you copied from the DevViewer tool.
7. Click OK.
Add Hardware Device to Blocking list:
1. In the SEPM, Under View Policies, select Application and Device Control
2. Right click your Application and Device Control Policy and select Edit.
3. Select the Device Control view.
4. Under the Blocked Devices section, click Add, select the device you added in the previous section and click OK and click OK
Reference:
http://www.symantec.com/business/support/index?page=content&id=TECH132353