File & Removable Media Protection (FRP) provides the capability to encrypt sensitive content on local drives and network shares based on application (File encryption policy) and/or location (Folder encryption policy). This blog post focuses on the use case where you have sensitive content on network file shares that you want to protect, with access limited to a restricted set of users.


Some of the benefits/advantages that this solution offers are:

  • Centralized Management (ePO)

Best-of-breed management console that can manage all Endpoint Security products; if you already have this set up, there is absolutely no additional overhead. Installation of the FRP extension and deployment to clients will take just a few minutes.

  • No need for a separate Key Server/Manager

ePO also functions as a Key Server/Manager; encryption keys are generated and managed centrally on ePO.

  • Use of Symmetric Keys

This results in two primary benefits: minimal effort in handling key management and assignments and, more importantly, a transparent user experience with very minimal user intervention.

  • No need to install any component on file shares

FRP clients (endpoint nodes) do the work of encryption, decryption, etc.


The process of protecting sensitive content on file shares is relatively straightforward and consists of 3 steps:

  1. Creation of FRP Encryption Key(s): To be used for protecting sensitive data
  2. Creation of Policies: Grant Key Policy, Folder Encryption Policy, Network Policy
  3. Policy Assignment: Assign the above policies to system(s)/user(s)

 

A document detailing the architectural considerations and workflow, with screenshots, is available here: https://community.mcafee.com/docs/DOC-7211