SEP (Symantec Endpoint Protection) introduced Apple Mac Device Control as of SEP 14.0. For example, administrators have the ability in that version to block or limit access to external devices. Administrators may notice that some USB or other devices, particularly phones, may still be accessed despite the blocking policy.
Users may still access some devices by using the manufacturer's management software (e.g.. iTunes for iPhones and other Apple mobile devices, or Kies for Samsung devices).
Mac OS X, macOS (Sierra)
SEP Mac device control currently will only block or limit access to mount points (the Mac equivalent to Windows drive letters). This controls only the high-level access of device content via the Apple Finder (the Mac equivalent to Windows Explorer). Users can still access devices by using low-level I/O commands or other management software (e.g. mobile phone management software like iTunes or Kies).
This behavior is currently by design. Device control for the Mac is new in SEP version 14.0, and will only restrict casual access to selected devices, particularly external drives that appear as mounted volumes on the Apple desktop or in the Finder.