A USB drive may remain writable despite a read-only ADC (Application and Device Control) policy in SEP (Symantec Endpoint Protection), or related policy configuration in SEP Cloud products.
SEP / SEPC / SEP SBE Cloud
Some USB drives are recognized as a SCSI device (UAS or USB Attached SCSI) in Windows 10 and as such the usual SEP ADC rules were not properly recognizing them.
Device IDs in such cases are prefixed by SCSI instead of USBSTOR
SEP Enterprise customers should upgrade to SEP 14.2 MP1. This issue is addressed in that version with a "removable drive" category and related rules that will now properly recognize such drives. USB rules will still not work for UAS drives because of the device ID differences.
Workaround in earlier versions of SEP: customize the ADC rule(s) to look for specific device IDs.
This issue remains under investigation in SEP SBE Cloud and SEPC products, currently without workaround.
Symantec is aware of this issue and will update this article when a solution becomes available. Click the Subscribe to this Article button to be notified of future updates through email.
ID: 4184583, 4173218
Subscribing will provide email updates when this Article is updated. Login is required.