search cancel

Endpoint Protection 14.0 Mac Device Control is not blocking access to some devices

book

Article ID: 164101

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

SEP (Symantec Endpoint Protection) introduced Apple Mac Device Control as of SEP 14.0. For example, administrators have the ability in that version to block or limit access to external devices. Administrators may notice that some USB or other devices, particularly phones, may still be accessed despite the blocking policy. 

Users may still access some devices by using the manufacturer's management software (e.g.. iTunes for iPhones and other Apple mobile devices, or Kies for Samsung devices).

Environment

Mac OS X, macOS (Sierra)

Cause

SEP Mac device control currently will only block or limit access to mount points (the Mac equivalent to Windows drive letters). This controls only the high-level access of device content via the Apple Finder (the Mac equivalent to Windows Explorer). Users can still access devices by using low-level I/O commands or other management software (e.g. mobile phone management software like iTunes or Kies). 

Resolution

This behavior is currently by design. Device control for the Mac is new in SEP version 14.0, and will only restrict casual access to selected devices, particularly external drives that appear as mounted volumes on the Apple desktop or in the Finder.