Mumbai Security and Compliance User Group


USB Device Control


  • 1.  USB Device Control

    Posted Jul 27, 2011 02:14 AM

    Hi Guys,

    I came to know that there is a method to block USB devices in Symantec using Device Control. So I tried it and found that all keyboards, mice and other devices connected via USB stopped working; after that I reverted the changes and they started working.

    Now I need a clear method for blocking those USB devices except the keyboard, mouse and others.

    Is there any way to apply this policy only for a particular group?

    Kindly suggest..



  • 2.  RE: USB Device Control

    Posted Jul 27, 2011 02:24 AM


  • 3.  RE: USB Device Control

    Posted Jul 27, 2011 02:39 AM

    I am having one doubt: if I exclude the Human Interface Devices, it will exclude the keyboard, mouse etc.?

    I added only USB to block, but why did the others get blocked?



  • 4.  RE: USB Device Control

    Posted Jul 27, 2011 06:22 AM

    Go into Device Control and under Blocked Devices click add & select 'Disk Drives' in the device selection window - this will only block external drives. Adding 'Human Interface Devices' will block keyboards, mice etc.



  • 5.  RE: USB Device Control

    Trusted Advisor
    Posted Jul 27, 2011 06:46 AM

    Hello,

    It is a simple understanding.

    When you apply a policy to Block USB only, that includes all USB devices. In today's world, mice and keyboards work on USB only. If I am not mistaken, you may have selected Block USB.

     

    A few articles for your quick accessibility:

    1) How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.

     
     
    2) How to block USB flash drives while allowing other USB devices.
     


  • 6.  RE: USB Device Control

    Posted Jul 27, 2011 06:50 AM

    I referred to these articles only before trying, but when I included the whole USB thing my mouse and keyboard got blocked, so only I am asking. It is not possible to find the USB devices roaming around na, so only I asked you.



  • 7.  RE: USB Device Control

    Posted Jul 27, 2011 06:51 AM

    When you say USB, it will block all USB, so you need to exclude human interface USB.



  • 8.  RE: USB Device Control

    Posted Jul 28, 2011 04:13 AM

    Kindly provide me the solution.



  • 9.  RE: USB Device Control

    Posted Jul 28, 2011 04:38 AM

    Yes, not possible, so you need to use the DevViewer tool which is found in CD2 of SEPM.

    Find the device ID; add that ID to block USB.

    You need to exclude human interface devices, or else it will block



  • 10.  RE: USB Device Control

    Posted Aug 16, 2011 06:53 AM

    Hi,

    Let me summarize your problem and then a solution.

    Problem - You need to block USB, Mass storage, External Disks but want to keep open access for Mouse, Keyboards. You want to implement this on a particular group.

     

    Solution:

    1. Create a group in SEP

    2. Click on the Group Name and navigate to Policies Tab.

    3. Uncheck the option from "Inherit policies and Settings from Parent Group"

    4. Set all other policies as per your requirements.

    5. Click on 'Application and Device Control Policy' and choose to Create a Non-Shared Policy Copy.

    6. Click on 'Device Control' Tab on the left side

    7. Choose devices that you want to block in first part. (USB, Camera, Flash Drive, Memory Cards, etc.)

    8. Choose the devices that you want always open under UNBLOCK category. (HID devices)

    - Please make sure you don't block IDE devices, Disk Drives else all your laptops in that category will not be able to boot with the drives blocked error - BLUE DUMP.

    9. Most IMP - Move all the clients to this group and apply all the tailor made policies to the group and see if you can see the latest policies at the client end and check if these work well.

     

    Please check this and do let me know for any queries.

    Thanks,

    -PrabhakarJ

     



  • 11.  RE: USB Device Control

    Posted Sep 04, 2011 11:31 PM

    Hi,

    I tried as you told, but some of the USB devices were not blocked and are showing under category storage volumes and disk drives. Why is this happening? It should show as USB only na?



  • 12.  RE: USB Device Control

    Posted Sep 05, 2011 04:30 AM

    Please reply, I am awaiting the solution.



  • 13.  RE: USB Device Control

    Trusted Advisor
    Posted Sep 05, 2011 07:15 AM

    Hello,

    Could you please let us know what are those devices which are not getting blocked??



  • 14.  RE: USB Device Control

    Posted Sep 05, 2011 07:45 AM

    I've checked two USBs: one Moserbaer USB and the other is one made in China. The first one is blocked under USB and the second one is allowed, showing as Storage device.



  • 15.  RE: USB Device Control

    Posted Oct 19, 2011 02:52 PM

    Based on what you want to do, you might try to use Application Control Policy only.

    Instead of trying to block USB devices and add a lot of exceptions with hardware ID, which can be very painful, why not choose to block USB drives in reading and writing and that's all. No need to create exceptions, no need to collect Device ID, etc.

    It's really easier management overall.

    It will block the use of any external USB drives, USB Mass Storage, etc.

    Mice and keyboards are not USB drives but input devices, so they will not be blocked by this rule.

    And of course leave the rule "block access to autorun.inf" (already set by default) and then you're done.

    Please tell me if it works good or not.

     

    Kind Regards,

     

    A. Wesker



  • 16.  RE: USB Device Control

    Posted Oct 19, 2011 03:19 PM

    Add a hardware Id USBSTOR\DISK*

    Then from Device Control Block this device.

    It will block only USB Disk Drives.
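
To check on a client what a hardware ID wildcard such as `USBSTOR\DISK*` would match before it goes into a policy, the following added example (not written by any poster in this thread, and not Symantec tooling) lists the present USB, USBSTOR and HID devices with their Windows device class. It assumes a Windows client where the `Get-PnpDevice` cmdlet is available; `Get-UsbDeviceReport` is a hypothetical helper name.

```powershell
# Added example: inventory present USB-related devices and show which ones
# a hardware ID wildcard would match, so input devices are not caught by it.
$blockPattern = 'USBSTOR\DISK*'                  # hardware ID quoted in the post above
$inputClasses = 'HIDClass', 'Keyboard', 'Mouse'  # Windows setup classes for input devices

function Get-UsbDeviceReport {
    param([string]$Pattern = $blockPattern)

    Get-PnpDevice -PresentOnly |
        Where-Object { $_.InstanceId -match '^(USB|USBSTOR|HID)\\' } |
        ForEach-Object {
            $dev = $_
            # Compare the wildcard against the instance ID and every hardware ID.
            $ids = @($dev.InstanceId) + @($dev.HardwareID) | Where-Object { $_ }
            $hit = [bool]($ids | Where-Object { $_ -like $Pattern })
            [pscustomobject]@{
                Class          = $dev.Class
                FriendlyName   = $dev.FriendlyName
                InstanceId     = $dev.InstanceId
                MatchesPattern = $hit
                IsInputDevice  = $inputClasses -contains $dev.Class
            }
        }
}

$report = Get-UsbDeviceReport
$report | Sort-Object Class, FriendlyName |
    Format-Table Class, FriendlyName, MatchesPattern, IsInputDevice, InstanceId -AutoSize

# Any row returned here is a keyboard, mouse or other HID device that the
# pattern would also block; the expected result for USBSTOR\DISK* is none.
$report | Where-Object { $_.MatchesPattern -and $_.IsInputDevice }
```

Running it with `-Pattern 'USB\*'` shows how a broad USB pattern also matches the device nodes behind keyboards and mice, which is the situation described at the start of the thread.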



  • 17.  RE: USB Device Control

    Posted Oct 19, 2011 11:16 PM

    Application control policy? How? But when I did like this, it means it will block external hard disk connected in USB also?



  • 18.  RE: USB Device Control

    Posted Oct 30, 2011 01:23 PM

    Yes Srikanth,

    The application policy I mentioned will block any use of any external USB devices on your USB port, except for mice, keyboard and webcam.

    A user can plug in an external USB hard drive but he will not be able to run anything from it and he will not be able to copy anything onto it either, because of the rules that block reading/writing/autorun.inf.

    If you want to add exception then follow the instructions given by Vikram ;-)