Hi, folks,
I'm looking for some guidance on disabling USB drives using SEP 12 without disabling USB docking stations.
I've read this article ( https://support.symantec.com/en_US/article.TECH175... ) which recommends using Device IDs over Class IDs. It suggests using the following patterns to block USB drives:
USBSTOR*
USBSTOR\DISK*
However, if I grab a couple of USB drives I have handy, I get:
[device id]: USB\VID_0951&PID_1603\0014780F9A54F9B035130D86 (Kingston DataTraveler, 4GB)
[device id]: USB\VID_0930&PID_6545\10BF484E9A88ED11E92501B2 (Kingston DataTraveler G3, 8GB)
[device id]: USB\VID_04E8&PID_6860\5F0B8DA5 (Samsung Galaxy 4S)
Other articles suggested blocking all USB devices, then putting in exceptions. This works up to a point - I can block all of USB, and put in exceptions for human interface devices (which I obviously need) and for network adapters (just in case).
However, some of our laptops have USB-connected docking stations, and I'm not sure how to exclude those. My test machine's docking station has:
[device id]: USB\VID_17E9&PID_4318&MI_00\7&DCE5559&0&0000
And if I exclude that, everything is fine. But I don't know how much of that pattern is "all USB docking stations" - how much of that ID should I include for a general wildcard pattern?
Any suggestions?