Symantec Endpoint Encryption (SEE) Removable Media Encryption (RME) provides the ability to exclude specific devices from being encrypted. Adding devices to the exclusion list means that the RME policy will not apply to this device.
Adding devices to the exclusion list is useful when users know specific devices they want unaffected by RME.
Note: For information on how to exclude specific devices for SEE RME, see KB article TECH254413.
During client creation (or policy configuration), navigate to the page titled Removable Media Encryption Installation Settings - Device and File Type Exclusions
Select the checkbox under Device Exclusions named Exclude these removable media encryption devices from encryption. Next, fill out the Vendor ID and Product ID fields. Devices with matching Vendor and Product IDs will be excluded from the RME policy of this client after finishing the client creation process.
To find the Vendor ID and Product ID of a device, perform the following steps:
Confirming Device Exclusion
You can confirm the new client (or policy) is successfully excluding devices by plugging a device with a matching Vendor and Product ID into a computer that has the client installed with the new policy.
When you plug in an excluded device, you will receive a notification that the removable media device is excluded from encryption:
When opening the SEE Management Agent using the Run as Administrator option, you can also go to the Policy tab and see A device is added for exclusion at the bottom of the page:
For more information on SEE RME Exclusions, see the online Help.
Note: For information on how to exclude specific file types for SEE RME, see KB article TECH2554413
Important Note on GPO Policies: If you are not seeing any of the above screens, and you are using GPOs to manage SEE RME, make sure you are going to the same Windows server to edit the GPOs where the SEE Management Server is installed. This will then be available for you.