I am preparing to replace our current DLP solution with McAfee's solution. I have a Removable Storage Protection rule to require justification when data is moved to removable storage. There are two strange things I noticed:
The dialog does not pre-empt the movement of data. Therefore, a smart user could just copy the data, remove the drive, and hit cancel, and the loss of data could not be prevented. Arguably, with justifications we are not preventing and merely providing alerting; however, in practice these dialogs make people think and often change their mind. Can this be done to prevent?
If I copy multiple files in a single operation (drag and drop a folder or extract files from a ZIP file, for instance), I get separate dialogs for each file. I would think that one dialog would be sufficient per action. Is there any way to do this? Obviously, I don't want a user to have to select the justification 1500 times if they really have to move that many files to a USB drive.
Because questions often come with "what are you trying to accomplish" type questions, I'll clarify now. Our primary goal is to have an audit trail for data that leaves the system. We don't need a justification, but they should at least have to acknowledge the dialog (Yes/No). Since we still have a lot of legitimate uses of USB drives, blocking or setting to read-only is not appropriate. The most important requirement is that the content process be as user-friendly as possible.