paul.smith
Level 7

Creating Device Rules that do not block each other out

Hello McAfee community,

I am currently configuring our DLP 9.2 agent to be deployed for the first time and I am coming across a couple of issues while creating the removable storage rules.

We have a lock-down-all-USBs policy due to the sensitive nature of the data we have here. Anything that requires access is done by exception.

The way I have approached it (which could be the wrong way) is to create a removable storage device definition group with everything that we wish to lock down (i.e. USBs). Then, when we need to unlock a specific device, I create a new rule, add in the definition group, then, using the device ID, have that excluded from the rule and hey presto, USBs are locked down except for this particular device for the specific assignment group.

This works great so long as no one is added to two different rules, otherwise each rule blocks the device that is being excluded by the other and nothing works!

Is there any way around this problem?

Thanks in advance,

Paul Smith

3 Replies
krylosz
Level 7

Re: Creating Device Rules that do not block each other out

I am asking myself the exact same thing. Does anybody have a useful solution? Because as it is, I'm forced to do one rule: block everything except a couple of devices.

virgona
Level 9

Re: Creating Device Rules that do not block each other out

Please check KB60861, https://kc.mcafee.com/corporate/index?page=answerlink&url=0bc97397072bd71a8a439b60a92c8cb6bcf890c2e2...

It looks like exclusions should be covered in the same rule. The relation between different rules is standalone; filters are not merged.

virgona
Level 9

Re: Creating Device Rules that do not block each other out

Please check KB77051, a two-rule solution.

-------------------------------------

...

4. Create two User Assignment Groups:

   1. User Assignment Group 1 (UAG1)
      • Active Directory group to be allowed
      • Specific user to be excluded

   2. User Assignment Group 2 (UAG2)
      • Specific user to be included

...

6. Create two Device Rules:

   • First Device Rule - Ensure that UAG1 is added and has the exclusion of the specific user.
   • Second Device Rule - Include all USB and exclude the USB Device Definition that you created for the single device. Then, add UAG2 and finish.

...

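To make the interaction described in this thread concrete, here is a small Python model of standalone device-rule evaluation. It is an added illustration written for this page, not McAfee's rule engine or anything from the KB articles, and it assumes only the semantics stated above: each device rule is evaluated on its own, a rule applies to a user when the user is in one of its user assignment groups (after that group's user exclusions), a rule blocks a device when the device is in the rule's device definition group and not in the rule's device exclusions, and filters from different rules are never merged, so a device is blocked if any applicable rule blocks it. The user names, AD group and device IDs (alice, bob, STAFF, USB_A, USB_B, USB_OTHER) are constructed sample data. The first function reproduces the original poster's layout (one "block all USB except X" rule per exception, with one user landing in two rules); the second reproduces the KB77051 two-rule layout with disjoint user assignment groups.

```python
"""Toy model of how independent (non-merged) device rules interact.

Illustrative only: this is not McAfee DLP's rule engine. It encodes the
behaviour described in the thread, where every rule is evaluated on its
own and a device is blocked if ANY rule that applies to the user blocks it.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class UserAssignmentGroup:
    """Users a rule applies to: group members minus explicitly excluded users."""
    members: frozenset
    excluded_users: frozenset = frozenset()

    def contains(self, user: str) -> bool:
        return user in self.members and user not in self.excluded_users


@dataclass(frozen=True)
class DeviceRule:
    name: str
    device_group: frozenset      # device IDs the rule covers (e.g. "all USB")
    excluded_devices: frozenset  # device definitions carved out of this rule only
    assignments: tuple           # UserAssignmentGroups the rule is assigned to

    def applies_to(self, user: str) -> bool:
        return any(g.contains(user) for g in self.assignments)

    def blocks(self, device: str) -> bool:
        return device in self.device_group and device not in self.excluded_devices


def is_blocked(rules, user: str, device: str) -> bool:
    """Standalone evaluation: exclusions in one rule do not carry over to another."""
    return any(r.applies_to(user) and r.blocks(device) for r in rules)


# Constructed sample data (hypothetical users, AD group and device IDs).
ALL_USB = frozenset({"USB_A", "USB_B", "USB_OTHER"})
STAFF = frozenset({"alice", "bob"})


def blocked_devices(rules, user: str, devices=ALL_USB) -> frozenset:
    return frozenset(d for d in devices if is_blocked(rules, user, d))


def one_rule_per_exception() -> dict:
    """Original poster's layout: a 'block all USB except X' rule per exception.

    bob is in the assignment groups of both rules, so rule A blocks the
    device rule B exempts and vice versa: bob ends up with nothing allowed.
    """
    rule_a = DeviceRule("Block USB except USB_A", ALL_USB, frozenset({"USB_A"}),
                        (UserAssignmentGroup(STAFF),))
    rule_b = DeviceRule("Block USB except USB_B", ALL_USB, frozenset({"USB_B"}),
                        (UserAssignmentGroup(frozenset({"bob"})),))
    rules = (rule_a, rule_b)
    return {u: blocked_devices(rules, u) for u in STAFF}


def kb77051_two_rules() -> dict:
    """KB77051 layout: disjoint user assignment groups.

    UAG1 is the AD group minus the exception user; UAG2 is that user alone.
    Exactly one rule applies to each user, so no rule's block list can
    collide with another rule's exclusion.
    """
    uag1 = UserAssignmentGroup(STAFF, excluded_users=frozenset({"bob"}))
    uag2 = UserAssignmentGroup(frozenset({"bob"}))
    rule_1 = DeviceRule("Block all USB", ALL_USB, frozenset(), (uag1,))
    rule_2 = DeviceRule("Block USB except USB_B", ALL_USB, frozenset({"USB_B"}),
                        (uag2,))
    rules = (rule_1, rule_2)
    return {u: blocked_devices(rules, u) for u in STAFF}


if __name__ == "__main__":
    for label, result in (("one rule per exception", one_rule_per_exception()),
                          ("KB77051 two rules", kb77051_two_rules())):
        print(label)
        for user in sorted(result):
            print(f"  {user}: blocked {sorted(result[user])}")
```

In the first layout bob is blocked from every device, including the two that were meant to be his exceptions, because each rule independently blocks what the other one exempts. In the second layout bob is blocked only from USB_A and USB_OTHER and alice from everything, which is the intended policy. The general lesson the model shows is that each user should fall under exactly one blocking rule, with all of that user's exclusions carried in that same rule.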