You want to use Symantec Endpoint Protection (SEP) Application and Device Control policy to block all USB thumb drives and USB hard drives on managed Symantec Endpoint Protection clients, but want to allow some USB drives to work.
To block USB drives (thumb drives, hard drives) while not blocking a specific USB drive in the Device Control policy, you must:
Note: An alternate way to find device ID, if DevViewer is not available:
1. On the Windows taskbar, click Start > Settings > Control Panel > System.
2. On the Hardware tab, click Device Manager.
3. In the Device Manager list, double-click the device.
4. In the device's Properties dialog box, on the Details tab, select the Device ID (on Windows XP) or Device Instance Path (Windows Vista or 7).
5. Press Control+C to copy the ID string.
If you cannot locate the correct device ID for building the rule, remember that in DevViewer you can change View Style to View devices by connection. Changing this view may help, particularly when troubleshooting USB exclusions.
When the clients get the new policy, they may need to reboot for the policy to work correctly. If so, a notification message appears on the client that a reboot is necessary for the new policy change. The client is listed in the Reboot Required logs in the SEPM until the reboot completes.