You want to create a policy that will allow a specific list of usb drives.
Adding external USB drives to the Hardware Devices list
1. Open the Symantec Endpoint Protection Manager
2. Click on Policies
3. Expand Policy Components
4. Click on Hardware Devices
5. Click Add a Hardware Device...
6. In the field Device Name: usbstorage Note: This can be anything
7. Choose Device ID: USBSTOR\* (Note: This must be all capital letters and must be spelled correctly)
8. Click OK
How to add USB by device ID
On the Symantec_Endpoint_Protection_11.0.XXXX.XXX_MRX_AllWin_EN_CD2.xxx you will find the TOOLS/NOSUPPORT/DEVVIEWER. Download the DevViewer.exe file.
1. Place a USB thumb drive in the USB port
2. Open the DevViewer utility
3. Expand Disk drives in the DevViewer
4. Select USB Flash Memory USB Device
5. In the right hand panel under USB Flash Memory USB Device right click in the panel and choose Copy Device ID.
6. Open the Symantec Endpoint Protection Manager
7. Click on Policies
8. Expand Policy Components
9. Click on Hardware Devices
10. Click Add a Hardware Device...
11. In the field Device Name: Allow USB (Note: This can be anything)
12. Choose Device ID: and paste the device id for the USB in the field
13. Click OK
How to create a rule that will allow only specific USB’s on to your network.
Title: 'How to block programs extensions from running from removable drives.'
Document ID: 2009020313373948
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009020313373948?Open&seg=ent