
Endpoint Protection Device Control rules are not applying to guest VM


Article ID: 175304


Updated On:


Endpoint Protection


A machine is running guest Virtual Machines (VMs). Symantec Endpoint Protection (SEP) is installed on the host, but not on the guest VMs. Application and Device Control (ADC) device control policies are not triggered on the guest VMs when new devices are added.


Communication between a guest VM and the hardware allocated to it bypasses the host and is not detected by Application and Device Control (ADC). The guest does not use Windows APIs on the host to access the allocated hardware, so its communication with that hardware is not visible to the host.


To prevent access to prohibited devices, safeguards need to be put in place, such as:

  • Ensuring that SEP is installed on the guest operating systems.
  • Preventing the use of virtual players on workstations where proper safeguards cannot be put in place.