Blocking Access to USB Thumb Drives Using Symantec Endpoint Protection

Adam Jones - Systems Engineer

Recently, I discovered how to block access to a USB thumb drive using the Symantec Endpoint Protection Management console. This proved to be very useful for one of our clients so I will share the steps with you.

In the Symantec Endpoint Protection Manager, open Policies, then click Application and Device Control.

  1. Open an existing policy or click Add an Application and Device Control Policy.
  2. Click on the Device Control tab.
  3. Under the Blocked Devices section click the ADD button and select the USB option.
  4. Click the ADD button under Excluded from Blocking and select, one by one, all of the other devices that use USB that should not be blocked (eg: pointing devices, keyboard, cameras, joysticks, HDD, etc. )
  5. Click OK to save the changes and assign policy.

* From Symantec Tech Article: TECH104299

You need to make sure to pay close attention to step 4. If you leave this step out you could potentially block devices such as printers, keyboards and mice!