Hello,
There are two ways that devices can be identified in SEP 11.x and 12.1:
- by Class ID
- by Device ID
There are advantages and disadvantages of using either method and there is a different functionality for each method.
Class ID
A Class ID is a generic category of devices that are designated by the Windows operating system. A Class ID is always listed as a GUID. Here are examples of Class IDs (GUID):
- Disk Drives - {4d36e967-e325-11ce-bfc1-08002be10318}
- Storage Volumes - {71a27cdd-812a-11d0-bec7-08002be2092f}
- USB devices - {36FC9E60-C465-11CF-8056-444553540000}
- DVD/CD-ROM - {4D36E965-E325-11CE-BFC1-08002BE10318}
- IDE - {4d36e96a-e325-11ce-bfc1-08002be10318}
- PCMCIA - {4d36e977-e325-11ce-bfc1-08002be10318}
In SEP, wildcards are not supported on Class IDs.
For a list of Class IDs, click here.
msdn.microsoft.com/en-us/library/windows/hardware/ff553426(v=VS.85).aspx
Device ID
A Device ID (also known as a Device Instance ID in Windows) is a specific ID that is given to each device. A Device ID can be more effective for blocking or allowing devices because it is made by concatenating a list of data about the particular device. Device IDs are generally in a more readable format.
Here are two common formats for Device IDs:
<class>\<type>&<vendor>&<model>&<revision>\<serial number>
<class>\<type><vendor><model><revision>\<serial number>
Here are examples of Device IDs:
- SanDisk Micro Cruzer - USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0
- Apple iPod - USBSTOR\DiskApple___iPod____________1.62\4&3656B0&0
- Hitachi IDE Hard Drive - IDE\DISKHTS541060G9SA00_________________________MB3IC60H\4&14AA9DA8&0&0.0.0
For Device IDs wildcards are supported: * and ?.
- Asterisk [*] - means zero or more of any character
- Question mark [?] - means a single character of any value
Here are examples of using wildcards:
Any USB Storage device
Any USB Disk
Any USB SanDisk drive
- USBSTOR\DISK&VEN_SANDISK*
Any USB SanDisk Micro Cruzer drive
- USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO*
A specific SanDisk device
- USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0
It is recommended to use Device IDs over Class IDs in most cases.
Reference:
How to Block or Allow Devices in Symantec Endpoint Protection
http://www.symantec.com/docs/TECH175220\
Hope that helps!!