Endpoint Protection

  • 1.  is it safe to block disk drives & storage volume class ???

    Posted Oct 09, 2009 12:05 AM
    In the logs I have seen people connecting disk drives & storage volumes. If I block this, will there be any problem with OS booting, i.e. will it block HDD volumes?


  • 2.  RE: is it safe to block disk drives & storage volume class ???

    Posted Oct 09, 2009 12:44 AM
    It's better that you find out the Device ID and block...
    Check the device ID of the normal HDD.. and the Device ID mentioned in the Disk drives & storage... if both are different then you can block..


  • 3.  RE: is it safe to block disk drives & storage volume class ???

    Posted Oct 09, 2009 07:33 AM
    "It's better that you find out the Device ID and block..."

    Device IDs will be different for the same device on all machines, & excluding this from the list of more than 200+ is very difficult, as I have to add an individual hardware ID for each device ID under a different name.

    Are there any ways where, for the same name, different IDs can be added, separated by comma or semicolon or any special character? (If this is included in the next version I think it will be helpful.)

    ex: usb\xyz, usb\abc etc...

    Or will this work?

    The original one is USB\VID_0C55&PID_6450\S06450TARG0DA255

    If the suffix (S06450TARG0DA255) is replaced with *, i.e.

    USB\VID_0C55&PID_6450\*




  • 4.  RE: is it safe to block disk drives & storage volume class ???

    Posted Oct 09, 2009 08:00 AM
    Anil -- Based on my experience yesterday, it is not safe to block the 'disk drives' class, even though this howto from Symantec says to do exactly that:

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/b54beb2f46268ccc882574e80052960f?OpenDocument

    When I applied a policy blocking the disk drives class, it worked exactly as I wanted in my test group. However, after I applied the policy to all workstations, it caused several workstations to suddenly crash and reboot, over and over again. I ended up having to boot to safe mode and disable the SEP services and ccapp so that the PCs would boot to normal mode long enough to address the issue further.

    I'm still working on tracking down the exact cause, but thus far it appears to be hardware specific. All of the machines that had the problem were a model that I hadn't included in my test group. Once I was able to boot back into Windows normally on those machines, I found an error indicating that the computer lost communication with the hard drive, causing the previous crash. It seems that for some reason the SEP application and device control policy blocking 'disk drives' actually blocked the internal hard drive on these machines as well.
    I guess the moral of the story is, make sure you account for every different kind of hardware in your test group.




  • 5.  RE: is it safe to block disk drives & storage volume class ???

    Posted Oct 09, 2009 11:43 PM
    Ha ha... accounting for every different kind of hardware is not at all possible in large environments...

    Even I blocked the diskdrive class ID, & I faced a similar problem like you. I never thought disabling SEP services in safe mode would boot Windows into normal mode; I tried uninstalling SEP in safe mode & I was unsuccessful, so the last option was to reinstall the OS.

    My concern is: if I plug any USB mass storage/external HDD into one system, the class ID will be the same for all machines but the device ID will be different on all machines. Now the scenario is I can't create an individual device ID for all, because the list will grow like anything. What I wanted is to create one exclusion name (for mass storage or external HDD) and add all found device IDs under that one name (hope you understood), i.e.

    hardware devices---Generic volume
        STORAGE\REMOVABLEMEDIA\7&5EA060B&0&RM, STORAGE\REMOVABLEMEDIA\7&7EA010B&0&LM, and so on... (separated by comma or semicolon or any special character)

    Hope this suggestion will be included in the next release.




  • 6.  RE: is it safe to block disk drives & storage volume class ???
    Best Answer

    Posted Oct 10, 2009 08:33 PM
    I think you already answered your question, but we do support wildcards in device IDs, so by saying "USBSTOR\*" for example, you can block all USB Storage devices.

    In the same way, you could block all Disk drives made by Seagate, or a certain model of disk drive, etc.
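
Added example (not part of the thread and not Symantec code): a dry run of a candidate block rule against device IDs collected from every hardware model, refusing any rule that matches an internal boot disk. The inventory rows are constructed, except the USB ID quoted in post 3, and the matching semantics (`*` matches any run of characters, case-insensitive) are an assumption about how the product evaluates wildcards.

```python
import re

# Constructed inventory: (host, hardware model, device class, device ID, is internal boot disk).
# In practice, export one row per device from every hardware model in the fleet.
INVENTORY = [
    ("pc-01", "model-a", "DiskDrive", r"IDE\DISKEXAMPLE_HDD_A\5&11111111&0&0.0.0", True),
    ("pc-01", "model-a", "DiskDrive", r"USBSTOR\DISK&VEN_EXAMPLE&PROD_FLASH&REV_1.00\AAAA0001&0", False),
    ("pc-02", "model-b", "DiskDrive", r"SCSI\DISK&VEN_EXAMPLE&PROD_HDD_B\4&22222222&0&000000", True),
    ("pc-02", "model-b", "DiskDrive", r"USBSTOR\DISK&VEN_EXAMPLE&PROD_EXTHDD&REV_2.00\BBBB0002&0", False),
    ("pc-02", "model-b", "USB", r"USB\VID_0C55&PID_6450\S06450TARG0DA255", False),  # ID from post 3
]

def id_matches(pattern, device_id):
    """Assumed semantics: '*' matches any run of characters, comparison ignores case."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, device_id, re.IGNORECASE) is not None

def dry_run(rule_kind, rule_value, inventory=INVENTORY):
    """Return (all matched rows, matched rows that are internal boot disks).

    rule_kind is 'class' (block a whole device class) or 'id' (device ID, wildcards allowed).
    """
    hits = []
    for row in inventory:
        _host, _model, dev_class, dev_id, _is_boot = row
        if rule_kind == "class":
            matched = dev_class.lower() == rule_value.lower()
        else:
            matched = id_matches(rule_value, dev_id)
        if matched:
            hits.append(row)
    unsafe = [row for row in hits if row[4]]
    return hits, unsafe

if __name__ == "__main__":
    rules = [("class", "DiskDrive"), ("id", r"USBSTOR\*"), ("id", r"USB\VID_0C55&PID_6450\*")]
    for kind, value in rules:
        hits, unsafe = dry_run(kind, value)
        verdict = "DO NOT DEPLOY" if unsafe else "ok"
        print(f"{kind}:{value} -> {len(hits)} match(es), {len(unsafe)} boot disk(s): {verdict}")
        for host, model, _cls, dev_id, _boot in unsafe:
            print(f"    {host} ({model}) {dev_id}")
```

The class rule is treated as matching every device in the class, which is the conservative reading of the crash reported in post 4.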