Allow write access for one non encrypted device


I am struggling with a rule for DLP. I am hoping someone can help.

So my basic setup is as follows:

Monitor all rule for everyone

(Read-Only/Notify) for all USB devices

Then I have 3 excluded devices which are approved Encrypted Keys.

The problem

I have had a request to allow 1 non-encrypted card reader to be able to delete .JPG files from 1 machine. A user has a camera which they use to import into an application, and the application then needs to delete the files. (There is no way to stop the application trying to delete the files.)

I can partially get this to work with a Protection Rule, but have come across a few issues.

1. I can only seem to create a Protection Rule that applies to encrypted and non-encrypted keys, which obviously I don't want.

2. If I try and select just non-encrypted devices in the Protection Rule, I am told I need to use Tags? I don't really understand how these tags work, so any help would be appreciated.

Re: Allow write access for one non encrypted device

I have the same scenario.

Let's assume everyone is Group A. Group A maps to an OU in Active Directory that all users are under.

I have one group of users who use card readers for handheld equipment. Let's call them Group B (mapped to an OU in my structure).

What I do is have 2 different user groups:

Group A includes all users and excludes Group B.

Group B includes just the OU of users who need readers.

You could also map to AD groups instead of OUs, but I do it this way.

You then have to make a device definition for your card reader (by VID/PID).

Make 2 rules: one that is assigned to your "Everyone" Group which blocks all devices except your approved keys.

Another rule is exactly the same but excludes the device definition you set up for the card readers, and is assigned to Group B.

The only downfall I have is I now have to maintain 2 rules.

There may be a better way, but this is how I do it.

Re: Allow write access for one non encrypted device
Thanks for your reply.

I already have what you have described set up at the moment, but I want to lock it down further so they can only delete image files from the SD card, which I can partially do with a Protection Rule.

I am assigning this Rule to the computer rather than the user to lock it down further.