Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

USB BLocked

SKP

SKPNov 16, 2011 04:24 AM

How can i do it.........

  • 1.  USB BLocked

    Posted Nov 14, 2011 05:10 AM

    We had block USB through Symantec, but problem is USB printer also got block now we have to add Device ID of each and every printer

    Is there any way out that we can block only Pen drive or mass storage.



  • 2.  RE: USB BLocked

    Broadcom Employee
    Posted Nov 14, 2011 06:11 AM

     

    Hi,

    Have you allowed human interfaces devices through policy ?

    Screenshot is attached for your reference.

     
    & yes you can block external storage devices.
     
    How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection
     
    http://www.symantec.com/business/support/index?page=content&id=TECH106304&locale=en_US
     
    I hope it will help you !!
     


  • 3.  RE: USB BLocked

    Posted Nov 14, 2011 08:08 AM

    Can we block via  registry value in SEPM ,IF yes can u help me



  • 4.  RE: USB BLocked

    Posted Nov 14, 2011 10:59 AM

    Exclude printers by going into application and device control under policies, hardware devices, and add a new hardware device.

    Choose DEVICE ID and then paste in this value:

    *USBPRINT\*

    For device name, call it something like "Our USB Printers" for example.

    OK, then  add it to the not block, or exclude at the bottom of the device control policy - it's below the pane where you choose devices TO block.

    I blocked all USB storage by using a hardware definition like this:

    Create a new hardware definition, and choose DEVICE ID, and put this in the ID area:

    *USBSTOR\Disk*

    That way I block USB storage, and allow USB printers - but block the card slots in the printers.......so no one can use those card slots to move files back and forth.

    You can do the same to block all USB storage devices - flash drives, pens, etc. - but allow USB printers.



  • 5.  RE: USB BLocked

    Posted Nov 16, 2011 02:26 AM

    Can we block flash drives, pens, etc without adding DEVICE ID for each and every printer & ihad tried human interfaces devices through policy but not working



  • 6.  RE: USB BLocked

    Posted Nov 16, 2011 03:52 AM

    Hi

    Allow the printing devices in exclusion.

    Regards

    Vicky



  • 7.  RE: USB BLocked

    Posted Nov 16, 2011 04:24 AM

    How can i do it.........



  • 8.  RE: USB BLocked

    Posted Nov 16, 2011 05:12 AM

    Hi,

    Go to device blocking policies

    Edit policy----Add in exclusion----printing devices

    Regards

    Vicky



  • 9.  RE: USB BLocked

    Posted Nov 16, 2011 05:25 AM

    1. Block USB devices

    a. Login into the SEPM console.

    b. Click Policies, then click Application and Device Control under View Policies.

    c. Select the Application and Device Control policy which needs to be modified on the right-hand side.

     

    d. Click Edit the Policy under Tasks.

    e. In the pop-up window, click Device Control.

    f. In the Blocked Devices section, click the Add... button.

    e. Select USB in the next pop-up window.

    g. Click OK to confirm.

    USB will be added into Blocked Devices section.

     

    2. Exclude mouse and keyboard from being blocked.

    a. In the Application and Device Control policy pop-up window, Add Human Interface Devices into the Devices Excluded From Blocking section.

     

    3. Assign the policy to the groups.



  • 10.  RE: USB BLocked

    Posted Nov 16, 2011 05:42 AM

    I had done the same then too USB Printer & data card are not working........... I had add Device ID for every Printer



  • 11.  RE: USB BLocked

    Broadcom Employee
    Posted Nov 16, 2011 06:50 AM

    is the policy been taken by the SEP client which is blocking printer / USB?



  • 12.  RE: USB BLocked

    Posted Nov 16, 2011 06:57 AM

    Yes.......

    After adding Device ID it works



  • 13.  RE: USB BLocked

    Posted Nov 16, 2011 09:49 AM

    Yes - use the first part of my message above

    This part -

    Exclude printers by going into application and device control under policies, hardware devices, and add a new hardware device.

    Choose DEVICE ID and then paste in this value:

    *USBPRINT\*

    For device name, call it something like "Our USB Printers" for example.

    OK, then  add it to the not block, or exclude at the bottom of the device control policy - it's below the pane where you choose devices TO block.

     

    That way all usb printers of any brand will be allowed or excluded. BE SURE TO PUT THAT IN THE LOWER PANE - the "Devices excluded from blocking" secion - "use this pane to manage the list of devices to which you want to allow access"

    You must define as I've said above, then add that to the lower exclude section. You can block to your heart's content, but if you add that definition, and place it in the excluded section, then all USB printers regardless of brand or model will function.

    I block *USBSTOR\Disk*

    I exclude or allow *USBPRINT\*

    You must include the * in the ID portion - that's not a typo - copy those exactly and leave the * in place.

    Works like a charm for us - I block everything that has USB storage, and allow any and all UBS printers, regardless of make and model with those two simple definitions. That's literally as simple as it gets.

    I don't use "CLASSES" of devices except bluetooth which we also block.



  • 14.  RE: USB BLocked

    Posted Nov 16, 2011 09:55 AM

    Hi Shivkumar

    Put human interface device to your device control exception list.I have faced that too.



  • 15.  RE: USB BLocked

    Posted Nov 16, 2011 09:57 AM

    You can also get your device id using DevViewer

    http://service1.symantec.com/SUPPORT/ent-security.nsf/ppfdocs/2007511906325898?Open&dtype=corp&src=&seg=&om=1&om_out=prod