Attention Customers of Symantec Endpoint Protection Small Business Edition (SEP SBE) and Symantec Endpoint Protection Cloud (SEP Cloud)
These products will be discontinued on November 2, 2020. On this date, the product will stop protecting the endpoints, and access to the console no longer will be available. We recommend that customers migrate to Symantec Endpoint Security Enterprise.
For more information, see Transitioning to Symantec Endpoint Security Enterprise Guide.
This document discusses the features and functionality of the USB Device Control section of the Cloud version of Symantec Endpoint Protection Small Business Edition (SEP SBE).
NOTE: The SEP SBE product does not have the ability to whitelist a URL or a USB device. It is all or nothing.
USB Device Control enables administrators to prevent malicious code injection and intellectual property theft by controlling employee use of USB removable storage devices. USB mice and keyboards are unaffected by USB Device Control as they are not recognized or classified as storage devices by Windows. This control provides the functionality to either allow or block these devices by policy at the endpoint.
Example Notification Message:
USB Device Control
Device description: USB Mass Storage
The USB device was blocked by policy and the event has been logged. Contact your administrator for assistance.
All blocking events are logged for review and reporting. The blocking events are recorded in a number of locations:
Endpoint Protection policies enable creation of suitable controls over USB storage devices based on groups. Device Control affects devices classified as "USB Storage Devices" by Windows Device Manager. USB Device Control configuration can be included as part of either a new policy, or an existing customized Endpoint Protection policy.
It is possible to set a password to temporarily bypass USB device control in situations when an administrator needs to access USB devices on a machine but does not want the user to have open access regularly, to do so:
The password designated can now be used on a client machine to allow temporary access to USB storage devices.