Introduction

 

Encryption for Files and Folders 4.1 (EEFF) introduces new features for Endpoint Encryption for Removable Media (EERM).
These features offer a better and more comprehensive way of handling removable media, both inside and outside the company.
They need very little user interaction and administrative effort, while still offering the highest flexibility and the highest security.

The following requirements and use cases for EERM in Endpoint Encryption for Files and Folders 4.1 are covered in this document:

- Ensure no data is copied to removable media without being encrypted

This is the basic requirement. The goal is to ensure that all data written to removable media is encrypted.

 

- Block writing of data to CD/DVD media

Only a small number of users still need to write data to CD/DVD. Those write operations should be monitored and secured by an Endpoint DLP solution,
and all other users should simply have read-only access to CD/DVD media. This can be done with EEFF or with McAfee Device Control.

 

- Let the user decide what to do when a removable media device is larger than a certain size (e.g. 64 GB)

To ease the user experience, EEFF lets the user determine the size of the encrypted container that is created on their removable media.
This makes encryption faster on large devices, because only a portion of the device is encrypted rather than the entire device. The EEFF policy can additionally
be configured to prevent writing data to the non-encrypted portion of the device.

 

- Possibility to recover encrypted removable media
- Users can only recover their own devices
- All encrypted removable media can be recovered by central management

Allowing users to recover only their own devices helps meet internal security policies. The same configuration also ensures that support teams and EEFF
administrators can recover any device by using the ePO administrative functions.

 

 

Step by Step Guide for configuration:

Enable User Personal Key feature

   1.  ePO Menu > Data Protection > EEFF Keys
   2.  Click Edit

[Screenshot: eeff_keys_personal.png]

   3.  Click Enable User Personal Keys
   4.  Click Save

 

 

Assign User Personal Key to policy

   1.  Click ePO Menu > Policy > Policy Catalog
   2.  Choose Endpoint Encryption for Files and Folders 4.1.0 from the Product drop-down list
   3.  Choose Grant Keys (UBP) from the Category drop-down list
   4.  Create a duplicate of the McAfee Default policy
   5.  Edit the policy by clicking the name of the new policy
   6.  You will see a new key in the Available Keys section. Add the User Personal Key to the Selected Keys section

[Screenshot: user_personal_key_policy.png]

 

What is actually the User Personal Key feature?

User personal keys give you the ability to create user-specific encryption keys. These keys are created
at the McAfee ePO server when the user logs on to the client system for the first time after the policy
is enforced.

Why create a new policy rather than use an existing one?

It simply saves time; otherwise you would need to add the User Personal Key to every existing policy. In addition, Grant Key policies support
multiple assignments, so you won't run into problems if you need to assign other keys as well.

 

 

Configure EERM Policy

   1.  Click ePO Menu > Policy > Policy Catalog
   2.  Choose Endpoint Encryption for Files and Folders 4.1.0 from the Product drop-down list
   3.  Choose Removable Media (UBP) from the Category drop-down list
   4.  Edit an existing policy or create a new one by clicking Duplicate
   5.  Set Protected Area to Entire device, set 64 GB as the size for exceptions, and choose User managed as the result

[Screenshot: eerm_policy.png]

   6.  Click Use recovery key and select User Personal Key from the drop-down list

[Screenshot: eerm_recovery_policy.png]

Note!

Add more recovery methods as needed and make them mandatory.

   7.  Click Make unprotected files, folders and devices read-only (on a client machine with EEFF installed)

[Screenshot: eerm_unprotected_policy.png]

   8.  You might also want to change the text that appears when an unprotected removable media device is inserted from the default to a custom message

[Screenshot: eerm_ui_policy.png]

Note!

If the default message is used, it is displayed in the language of the operating system, provided that language is supported
by Endpoint Encryption for Files and Folders. As soon as a custom text is configured, a separate policy has to be configured
for every language that is needed.

 

 

Check Password Rule policy

   1.  Click ePO Menu > Policy > Policy Catalog
   2.  Choose Endpoint Encryption for Files and Folders 4.1.0 from the Product drop-down list
   3.  Choose Password Rules from the Category drop-down list
   4.  Edit an existing policy or create a new one by clicking Duplicate
   5.  Check and modify the policy as needed

[Screenshot: eeff_password_policy.png]

Note!

This policy sets the password complexity rules for EERM, User Local Keys and Self-Extractor files.

 

 

Make User Personal Keys available for recovery

   1.  Click ePO Menu > Data Protection > EEFF Keys
   2.  Choose User from the Preset drop-down list

[Screenshot: eeff_keys_personal.png]

   3.  Click the user key you want to make available
   4.  Click Actions > Edit Key
   5.  Click Available as regular key

[Screenshot: make_user_personal_key_available.png]

   6.  Click OK

The user personal key is now available as a regular key and can be assigned to any Grant Key policy in order to recover removable media.

 

 

Check EERM reporting capabilities

   1.  Click ePO Menu > Reporting > Queries & Reports
   2.  Click Run on the Removable Media Device Events query, which can be found in the Shared Groups section under EEFF Queries

[Screenshot: eerm_reporting.png]


EERM reports the following information:

System Information

  • User Info (DomainName\UserName)
  • Time Stamp
  • Agent GUID

Initialization

  • Initialization State (FAILED, CANCELLED, SUCCESSFUL)
  • Backup State (NONE, FAILED, CANCELLED, SUCCESSFUL)
  • Backup Size
  • Time taken for initialization
  • Time taken for backup
  • Size of protected part (valid only when initialization has completed successfully)
  • User Response (ACCEPTED or REJECTED, depending on whether the user answers Yes or No to the EERM initialization prompt)

Device Information

  • Size (Bytes)
  • File System of device (FAT, NTFS, or EERM for EERM-protected devices)
  • Vendor Name
  • Product Name
  • Exempted (YES, NO, UNKNOWN)
  • Protected (only EERM-protected devices are considered protected) (YES, NO, UNKNOWN)

Note!

Only the relevant information is captured in each event. For example, a Device Insert event does not contain the “Initialization State” field.

 

 

EEFF 4.1 comes with two default reports. You can also create customized reports. Some interesting examples could be:

  • Top 10 Removable Media Users
  • A list of all users who have rejected removable media encryption
  • A list of the most common removable media devices in my environment
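The three report ideas above, together with the event fields listed under "EERM reports the following information", can also be worked through outside ePO. The following Python script is an added example and not McAfee's or EEFF's own code: it reads a constructed export of Removable Media Device Events (the CSV layout is an assumption about how the ePO query would be exported; the column names are the fields EERM reports, with a few omitted for brevity), drops the cells an event does not carry, and computes the top users, the users who rejected encryption, the most common devices and, as one extra check beyond the list above, the failed initializations a support team would want to follow up on.

```python
import csv
import io
from collections import Counter

# Constructed sample export (not real telemetry). The column names are fields
# EERM reports; the CSV layout is an assumption about how the ePO
# "Removable Media Device Events" query would be exported. Empty cells stand
# for fields an event does not carry: a Device Insert event has no
# Initialization State, and an initialization event has no device details.
SAMPLE_CSV = """\
User Info,Time Stamp,Agent GUID,Initialization State,User Response,Size (Bytes),File System,Vendor Name,Product Name,Exempted,Protected
CORP\\alice,2013-05-01 09:12:00,guid-1,,,8589934592,FAT,Kingston,DataTraveler,NO,NO
CORP\\alice,2013-05-01 09:13:10,guid-1,SUCCESSFUL,ACCEPTED,,,,,,
CORP\\alice,2013-05-02 11:40:00,guid-1,,,8589934592,EERM,Kingston,DataTraveler,NO,YES
CORP\\bob,2013-05-01 14:02:00,guid-2,,,137438953472,NTFS,WD,My Passport,YES,NO
CORP\\bob,2013-05-03 08:30:00,guid-2,,,16106127360,FAT,SanDisk,Cruzer,NO,NO
CORP\\bob,2013-05-03 08:30:40,guid-2,CANCELLED,REJECTED,,,,,,
CORP\\carol,2013-05-04 10:00:00,guid-3,,,16106127360,FAT,SanDisk,Cruzer,NO,NO
CORP\\carol,2013-05-04 10:01:00,guid-3,SUCCESSFUL,ACCEPTED,,,,,,
CORP\\dave,2013-05-05 16:20:00,guid-4,,,4294967296,FAT,SanDisk,Cruzer,NO,NO
CORP\\dave,2013-05-05 16:21:00,guid-4,FAILED,ACCEPTED,,,,,,
"""


def parse_events(csv_text):
    """Parse the export into one dict per event, dropping empty cells so that
    "key present" means "field reported", matching how EERM events are built."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [{k: v for k, v in row.items() if v != ""} for row in reader]


def is_insert_event(event):
    """Device Insert events are the ones that carry device information."""
    return "Vendor Name" in event


def top_removable_media_users(events, n=10):
    """Report 1: users ranked by number of removable media insertions."""
    counts = Counter(e["User Info"] for e in events if is_insert_event(e))
    return counts.most_common(n)


def users_rejecting_encryption(events):
    """Report 2: users who answered No to the EERM initialization prompt."""
    return sorted({e["User Info"] for e in events
                   if e.get("User Response") == "REJECTED"})


def most_common_devices(events, n=10):
    """Report 3: (vendor, product) pairs ranked by insertion count."""
    counts = Counter((e["Vendor Name"], e["Product Name"])
                     for e in events if is_insert_event(e))
    return counts.most_common(n)


def failed_initializations(events):
    """Follow-up check: initializations that failed. The device stays
    unprotected, so with the read-only policy option enabled the user cannot
    write to it; support should find out why (Backup State helps if present)."""
    return [(e["User Info"], e["Agent GUID"], e["Time Stamp"])
            for e in events if e.get("Initialization State") == "FAILED"]


if __name__ == "__main__":
    events = parse_events(SAMPLE_CSV)
    print("Top removable media users:", top_removable_media_users(events))
    print("Users who rejected encryption:", users_rejecting_encryption(events))
    print("Most common devices:", most_common_devices(events))
    print("Failed initializations:", failed_initializations(events))
```

In the constructed data bob's 128 GB drive shows as Exempted YES and Protected NO, which is what the policy above produces when a device over the 64 GB exception size is left user managed, and carol's and alice's devices show a successful initialization followed by a later insert with File System EERM and Protected YES.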

 

Check out the EEFF POC Installation Guide for a step-by-step guide to creating a "Top 10 Removable Media Users" report.


https://community.mcafee.com/docs/DOC-4473