How to use Manual Classification in DLP Endpoint

Version 5

    Introduction

     

    Hello and welcome to this document on how to use Manual Classifications in DLP Endpoint.

    Manual Classification allow users to classify unstructured data by themselves without relying on regular expressions or dictionaries, or they can be used in conjunction with them.

    By classifying data when it’s created, this can help increase the efficacy of McAfee DLP and decrease the potential that sensitive data is leaked.

     

    Okay, great, let’s get started.

     

    Video

     

     

    Configuring Manual Classification

     

    Our first step is to set up our Classifications. Go to Menu > Classifications

     

    01.png

     

    Now, click on the Manual Classification tab.

     

    02.png

     

    Here, we can create new classifications. Let’s create a new classification with the New Classification button. I’m going to create a new classification called “Top Secret

     

    03.png

     

    I’ll want to add users that will be able to use this manual classification. I can Allow Everyone to classify files or I can select specific end user groups with the Select End-User Groups option. For now, I’m just going to select Allow Everyone.

     

    04.png

     

    I’m also going to create a “Public” classification and Allow Everyone to use this as well. This classification will allow the users to classify a file that has fewer restrictions.

     

    Next, using the View dropdown near the top left, I’m going to select “General Settings”.

     

    05.png

     

    Here, we have several options for our classifications. I’m going to enable the option to “Force end user to classify file if the file was never classified before.” This will ensure that your users review the classification of the file before saving it. Make sure to save your configuration in the bottom right.

     

    06.png

     

    Our next step is to add our Top Secret classification to a Rule Set.

    Go to Menu > DLP Policy Manager

     

    07.png

     

    Now, create a new Rule Set with Actions > New Rule Set and call it Top Secret Rule Set.

     

    08.png

    09.png

     

    Select the Top Secret Rule Set from your list of rules.

     

    10.png

     

    In this rule set, I’m going to add a Cloud Protection Rule with Actions > New Rule > Cloud Protection

     

    10a.png

     

    I'm going to name it Top Secret Cloud Protection Rule. I'm also going to Enable it, and set Top Secret as the classification with the three dots next to Classification. I’m also going to select all of the cloud services and then save it.

     

    11.png

     

    In the reactions, I’m going to set the Action as Block, setup a user notification with the Default Cloud Notification, and check the box next to Report Incident.

     

    12.png

     

    I can now just save the Rule Set by clicking Save and then move to the previous screen with Close.

     

    13.png

     

    Finally, I’m going to assign the policy under the Policy Assignment tab.

     

    14.png

     

    Go to Actions > Assign Rule Sets to a policy and assign the Top Secret Rule set to the DLP policy that is assigned to your system in the ePO system tree (it's My Default DLP Policy in my environment).

     

    15.png

    16.png

     

    Next, I’m going to go to Actions > Apply Selected Policies and select the DLP policy that was set to your system (as above, it's My Default DLP Policy)

     

    17.png

    18.png

     

    Great, now our Manual Classification Policy is configured. Let’s just do an Agent Wake Up to get the policy onto the client.

     

    19.png

     

    Using Manual Classification

     

    Moving to the client system, I’m going to open up Microsoft Word. Here we can see a new Manual Classification button on the HOME ribbon in Word. I can click on it and assign a classification to the document directly, but I’m just going to leave that alone for now and instead just save my document.

     

    20.png

     

    When I go to save my document, it will pop up a dialog box and I have the option to provide a classification. I’m going to select Top Secret and save the file. This box comes up since I had checked the box for "Force end user to classify file if the file was never classified before."

     

    23.png

     

    Now that the file is classified as Top Secret, I’m going to try to transfer it to my cloud storage on Microsoft OneDrive. When I try to move it, my Cloud Protection Policy will prevent the file from being transferred since I have the Cloud Protection Rule that prevents files classified as Top Secret from being copied to cloud services.

     

    24.png

     

    One important thing to note is that if I try to move the file, it will put the file into quarantine and it will no longer show up on the desktop. It may look like the file is gone but it’s just now in the local DLP quarantine directory. This won’t be an issue if the file is copied.

    When I open the text file, it’ll provide me the path to the quarantine directory. I’m just going to go ahead and retrieve my file and put it back on the desktop.

     

    25.png

     

    I also have the ability to classify the file with the contextual menu in Windows Explorer. When I right click on a supported file, I can select Data Protection > Classify File.

     

    26.png

     

    Now it will open up the Manual Classification menu and I can change its classification. I’m just going to select the first radio button to mark the file as NOT CLASSIFIED.

     

    27.png

     

    After I modify the file, I can now move it successfully to my cloud service since it is no longer classified as Top Secret.

     

    28.png

     

    As we can see, Manual Classifications are a powerful tool for users to classify file with unstructured data types. Since users often times have the best knowledge of what to classify their data as, this provides them an easy way to control how data is classified within your organization.