HOW TO: Add a PCI device exclusion using Symantec Drive Encryption (formerly PGP WDE) Command Line
Updated On:09-05-2013 13:54
This can be useful when you have a laptop that is docked on a docking station or other USB devices attached to the system (such as a USB webcam), or else an PCI Express Raid Card, an internal smart card reader, etc. Anything that uses a PCI device ID. This will allow you to exclude this device from BootGuard. This is most commonly used to address a problem with USB token initialization at the preboot authentication screen known as BootGuard due to conflicts with this other USB device but can also be used to disable other devices at the BootGuard preboot screen.
Here is how to add an exclusion for a PCI device.
As an example: USB Host Controller, thereby excluding the USB Host Controllers from being probed by BootGuard at startup.
To add an exclusion, do the following:
Determine the Device Id and Vendor Id of the USB Controller or device
Gather the Device Id and Vendor Id for the device on your system. The Device Id and Vendor Id information is available in the Windows Device Manager.
If the problem is with a USB device. You can also use a freeware utility such as USBlyzer or a Linux Live CD to obtain this information using a command such as: lspci on Linux.
To obtain this information using Windows Device Manager:
Right-click My Computer and select Properties or by clicking the System icon in the Control Panel
Click the Hardware tab and select the Device Manager button
The Device Manager screen is displayed
Expand the PCI device (ie. USB Host Controller, Smart Card Reader, Raid controller, etc).
Right-click on the device and select Properties
Click the Details tab, notice and record the numbers following VEN and DEV in the Device Instance Id details
In the following example, the VEN_8086 and DEV_2688 entries report the vendor and device Id for the controller.