Ive Created a USB Allow and Deny Policy and they are working fine
How Ever its removed any Other Partitions from the main HHD
Can you advised what i need to add to get this to work
ive tried wild cards and adding the device ID
Wondering if anybody else has come across this
We recently upgrade to Ghost 3.3 RU2 with iPXE (faster way of connecting devices to imaging sessions)
Laptops and PCs with dedicated Ethernet ports are working (when secure boot is disabled)
We have some new devices that have no Ethernet ports – we have a mixture of USB Ethernet adapters
The drivers have been added and if you use PXE they work and image fine
However if we try using iPXE they boot and download the wim file but then freeze and dont load the WinPE – we have tried leaving it all afternoon but nothing happens
If we try it again and wait until the ipxe starts and the wim file download reaches 100% and then remove the USB Ethernet adapter for a few seconds then plug it back in the WinPE session loads and the device joins the session and images fine. Its as if it gets stuck trying to pass some type of security check – maybe UEFI related.
Just wondering if anybody else has come across this issue ?
we have a requirement ,where we want to whitelist USB devices through device control policy.As i see in the SEPM policies that endpoint can get the new policy not less than one hour.
Do we have alternate way to get the synchronization done in few mins through command line or other options to speed up the process.
Note: Machines are connected in network only.
I am the SEPM admin for an organization, and we currently have rules in place to block access to USB storage access on our endpoint PCs. We have it set up in SEPM’s device control to notify the users that USB storage access is blocked by company policy. This is working pretty well for us, but I have been notified by users that they receive the same popup for devices that are “allowed/unblocked”, as well. These are USB devices like headsets and mice, which have already been explicitly allowed in the blocking exclusions.
I realize that this was due to the notification settings. It shows in SEPM this popup notification is displayed on the user’s SEP client whenever a device is blocked or unblocked. Obviously, the message it displays about USB storage being blocked doesn’t really apply to these HIDs, but it causes users to be concerned and wonder if functionality has been hampered. (The popup message actually does show “Allowed the device” at the top of the message, but the combination of the two messages in the Win10 notification area causes confusion.)
I was hoping for either a fix or creative solution to have the notification message differentiate between whether a device was blocked or unblocked. We do appreciate providing our users notifications when their USB storage device has been blocked, so I’d like to keep this setting enabled. This way, they can reach out to our support team and see about doing an alternate method of file transfer. Ideally, however, I would prefer they NOT receive a popup notification when the device is unblocked/allowed.
-We recently upgraded SEPM to the latest version: 14.2.4815.1101
-Most clients still have version 14.0.3897.1101, will be updating to new version soon
I am working on creating a Ghost image of Windows 10. I am using stand alone version of norton ghost 3.3 which is the latest one from norton. Along with WINPE10. My PC is configured to boot in UEFI only mode.. I am creating image in following way: in winpe mode –>disk –> to image –> source is O.S drive –> destination –> Usb –> create Image restoration is done in following way –> winpe mode –> disk –> from image –> src=usb –> DST=drive 1. Image gets restored successfully. When I boot the target machine I get a blue screen error saying “your PC needs to be repaired”. I am not sure what is wrong in this procedure. Also both the source and target machine are identical machine.. I am stuck at this phase. Could someone please help me to resolve this..
I recently faced an issue with my Laptop running Windows 8.1.
I believe it came from leaving a bootable USB Stick inserted while the machine went to sleep.
However, after getting it woken up by pressing the power button once it came up with a Windows Screen telling (picture1):
Your PC needs to be repaired
A required device isn’t connected or can’ be accessed.
Error code: 0xc000000e
You’ll need to use the recovery tools on your installation media. If you don’t have any installation media (like s disc or USB device), contact your system administrator or PC manufacturer.
Press Enter to try again
Press F8 for Startup Settings
Unfortunately neither “Enter” nor F8 offerns anything but the screen above.
I sticked to the Preboot Execution Menu, selected “Log Files” and found that there might be something wrong around data integrity (picture2).
Is there any way to convince the software to let the Laptop start?
My understanding is that the Endpoint Protection is not operating as expected leaving the Filesystem unreadable for Windows, resulting inthat screen for recovery.
It would be most appreciated if someone could point me to where to go with that. I at least need to copy some data off that SSD, I don’t mind for a full OS re-install later on.
MANY THANKS IN ADVANCE!
We currently are using SEP 15 (hybrid with clients on 14.2).
Our policy blocks all access to the USB Class 36fc9e60-c465-11cf-8056-444553540000.
We’ve been carving out exceptions as needed and one of those of those devices in question is a vendor specific secure thumb drive.
Through initial testing I realized that allowing:
didn’t do the trick and I needed to whitelist the parent device which was
This worked fine for months and then on October 9th these devices (along with clickshare and some others) began being blocked again despite nothing having changed. The policy has been through a few new versions, but the whitelisting of those devices hasn’t changed. No method of whitelisting I’ve tried seems to do the trick anymore so I’m not sure what I’m missing.
Any help or guidance would be appreciated.
Looking for a while at the best way to exclude specific systems either by name or Computer Group from monitoring/blocking USB drive access.
Our environment has some systems that use test boards and USB connections that we want to take off of monitoring. Best way I have found it just to add them to a different Agent Config so that the USB isn’t monitored. Are there other options to this?
Also is there a way to define a list of systems much the way User Groups from AD can be added to DLP?
Sorry if this seems remedial but we are just now setting up DLP new…again.
I’m looking info to create a bootable USB or disk, in order to make a full scan on a server which we suspect is currently infected.
I was searching but I only find this info for older versions of SEP.
Thank you for all your help on this!
We’re using SEPC’s feature, Connected Storage Devices, to block external USB drives on Windows machines, but I noticed I don’t see it mentioned for macOS. Is it possible to prevent external storage devices to be used on macOS devices as well? If not, then will this be a feature soon?