Endpoint Protection


SEP - Application and Device Control - disable portable devices

  • 1.  SEP - Application and Device Control - disable portable devices

    Posted Oct 03, 2012 04:45 AM

    Dear Gents,

     

    I've a problem with Android Devices. I have to make these devices Read Only, but the Application Control rules do not want to work.

    Please Help to find any solution.

     

     

     

     I've tried a lot of opportunities, like:

     

    Does anyone have any experience with Android Devices?

    Please help me to find an acceptable solution.

     

    Thank you and Best Regards

    A.

     

     

     

     



  • 2.  RE: SEP - Application and Device Control - disable portable devices

    Broadcom Employee
    Posted Oct 03, 2012 05:34 AM

    Hi,

    Check the following articles

    Application/Device Control - Use of Wildcards for Device ID's

    https://www-secure.symantec.com/connect/idea/applicationdevice-control-use-wildcards-device-ids .

    How Symantec Endpoint Protection Device Control processes Windows device GUIDs and device IDs.

    http://www.symantec.com/docs/HOWTO60964

    DevViewer - a tool for finding hardware device ID for Device Blocking in Symantec Endpoint Protection

    http://www.symantec.com/docs/TECH103401

    How to Block 3G modems in Application and Device Policy

    http://www.symantec.com/connect/articles/how-block-3g-modems-application-and-device-policy

     



  • 3.  RE: SEP - Application and Device Control - disable portable devices



  • 4.  RE: SEP - Application and Device Control - disable portable devices

    Posted Oct 03, 2012 02:42 PM

    Here is some very useful documentation covering your issues:

    http://www.symantec.com/connect/sites/default/files/Application%20and%20Device%20Control_V1%202_4_0.pdf

    See page 20 where Device IDs and wildcards are explained. And starting on page 26, you get a good tip on how you can centrally monitor device IDs in your environment. So you can get a survey of existing devices.

    It's better to use Device Control for blocking; it's far easier than Application Control.

    BTW, the USB\VID* device ID seems too generic to me. For example, to block all Samsung Galaxies S II you could try this string (not tested, no warranty): USB\VID_04E8&PID_6860\*
     



  • 5.  RE: SEP - Application and Device Control - disable portable devices

    Posted Oct 04, 2012 04:51 AM

    Dear Gents,

     

    Thank you for your suggestions. I checked the documents, and I think we could find the right solution. I know Device blocking is much easier, but the customer wants to charge their Android devices via USB, so primarily we try the Application Control.

     

    Thanks

    Attila



  • 6.  RE: SEP - Application and Device Control - disable portable devices

    Posted Oct 04, 2012 04:54 AM

    Devices such as Androids, iPods, cameras and other types of portable devices will not be able to get charged.  On newer operating systems such as Windows Vista, Windows 7 and 2008 the operating system will allow the devices to receive power even if they are disabled.

    http://www.symantec.com/business/support/index?page=content&id=TECH175220

    https://www-secure.symantec.com/connect/articles/how-block-or-allow-devices-symantec-endpoint-protection

     

    Check this thread

    https://www-secure.symantec.com/connect/forums/disable-charging-ipod



  • 7.  RE: SEP - Application and Device Control - disable portable devices

    Posted Oct 04, 2012 02:56 PM

    Hi,

    Please refer

    Problem



    How can I ensure that Symantec Endpoint Protection clients have read-only access to USB drives?
     


     

    Solution



    To limit SEP clients to read-only USB drive access, create/edit and assign an appropriate Application and Device Control policy using the following steps:
    1. Install Symantec Endpoint Protection, including the Network Threat Protection feature, on the clients where USB drives will be used
    2. Ensure that the clients are communicating with the Symantec Endpoint Protection Manager (SEPM)
    3. Log on to the SEPM console and click on the Policies tab in the left-hand window pane
    4. Select Application and Device Control
    5. Create a new policy or edit an existing Application and Device Control policy
    6. Click on Application Control and select the following options:
      • Make all removable drives read-only
      • Block writing to USB drives
    7. Assign the policy to the client(s) in question
    8. Reboot the client(s) to implement the policy.

     

     



  • 8.  RE: SEP - Application and Device Control - disable portable devices

    Posted Oct 11, 2012 05:21 AM

    Hi,

    Thank you for your help. It seems the problem cannot be solved with the Application Control.

    We came up with an alternate solution. We disable all of the vendor IDs of the Android devices, and we'll make exceptions when necessary.

     

    Android_ZTE Device: USB\VID_19D2*
    Android_Sony Device: USB\VID_0FCE*
    Android_Samsung Device: USB\VID_04E8*
    Android_Motorola Device: USB\VID_22B8*
    Android_LG Device: USB\VID_1004*
    Android_Huawei Device: USB\VID_12D1*
    Android_HTC Device: USB\VID_0BB4*

     

    Best Regards

    A
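
The vendor-wide patterns listed in this post, and the earlier remark that a generic pattern blocks more than intended, can be checked against a device inventory before the policy is assigned. The following is an added example, not part of the original posts and not Symantec code. It assumes that `*` matches any run of characters and that device IDs compare case-insensitively; the inventory, its serial numbers and every product ID other than 6860 are constructed.

```python
import re
from collections import defaultdict

# Two vendor-wide patterns from the thread and the narrower one suggested earlier.
PATTERNS = {
    "Android_Samsung (vendor-wide)": r"USB\VID_04E8*",
    "Android_HTC (vendor-wide)": r"USB\VID_0BB4*",
    "Samsung Galaxy S II (narrow)": r"USB\VID_04E8&PID_6860\*",
}

# Constructed inventory of device instance IDs, e.g. collected with DevViewer.
INVENTORY = [
    r"USB\VID_04E8&PID_6860\SERIAL0001",
    r"USB\VID_04E8&PID_AAAA\SERIAL0002",
    r"USB\VID_0BB4&PID_BBBB\SERIAL0003",
    r"USB\VID_FFFF&PID_CCCC\SERIAL0004",
]

def wildcard_to_regex(pattern):
    """Translate a device ID pattern into a regex (assumed semantics:
    '*' = any run of characters, everything else literal, case-insensitive)."""
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile(".*".join(literal_parts), re.IGNORECASE)

def audit(patterns, inventory):
    """Return ({pattern name: matched devices}, devices matched by no pattern)."""
    hits, unmatched = defaultdict(list), []
    for device in inventory:
        names = [n for n, p in patterns.items()
                 if wildcard_to_regex(p).fullmatch(device)]
        for name in names:
            hits[name].append(device)
        if not names:
            unmatched.append(device)
    return dict(hits), unmatched

def product_ids(devices):
    """Distinct PIDs among the devices; more than one means the pattern
    covers several products of that vendor, not a single phone model."""
    return sorted({pid.upper() for d in devices
                   for pid in re.findall(r"PID_([0-9A-F]{4})", d, re.IGNORECASE)})

if __name__ == "__main__":
    hits, unmatched = audit(PATTERNS, INVENTORY)
    for name, devices in hits.items():
        print(f"{name}: {len(devices)} device(s), PIDs {product_ids(devices)}")
    print("Not covered by any pattern:", unmatched)
```

A pattern that reports more than one product ID is a candidate for narrowing or for an explicit exception, and the uncovered list shows devices from vendors the policy does not name.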

     



  • 9.  RE: SEP - Application and Device Control - disable portable devices
    Best Answer

    Posted Oct 11, 2012 12:51 PM

    Your approach is okay from my point of view.

    Have a look at this web site that has a lot of known USB IDs. Perhaps it helps you to get more precise device id parts. There is a file (usb.ids) that contains a lot of IDs. However, no warranty.

     



  • 10.  RE: SEP - Application and Device Control - disable portable devices

    Posted Oct 12, 2012 04:36 AM

    Hi Greg,

     

    We elaborated the policy based on this site: http://www.linux-usb.org/usb.ids

    But it's the same. It was very useful. Thank you for your help.

     

    Br.

    A