Endpoint Protection Device Control rules are not applying to guest VM
Last Updated July 01, 2019
A Symantec Endpoint Protection (SEP) Device Control block rule (such as a rule to block all USB devices) fails to block devices that are accessed by a guest virtual machine (VM).
When hardware is assigned to a guest VM, the guest's communication with that hardware bypasses the host and is not detected by Application and Device Control (ADC). The virtual client does not use Windows APIs on the host to access the allocated hardware, so its communication with the assigned hardware is invisible to the host.
To prevent access to prohibited devices, additional safeguards need to be put in place, such as:
Ensuring that SEP is installed on the guest operating systems.
Preventing the use of virtual players on workstations where proper safeguards cannot be put in place.