Hello McAfee community,
I am currently configuring our DLP 9.2 agent to be deployed for the first time and i am coming across a couple of issues while creating the removable storage rules.
We have a lock down all USB's policy due to the sensitive nature of the data we have here. Anything that requires access is done by exception.
The way i have approached it (which could be the wrong way) is to create a removable storage device definition group with everything that we wish to lock down (ie USB's). Then when we need to unlock a specific device i create a new rule, add in the definition group then using the device ID have that excluded from the rule and hey presto, USB's are locked down except for this particular device for the specific assignment group.
This works great so long as no one is added to two different rules, otherwise each rule blocks the device that is being excluded by the other and nothing works!
Is there any way around this problem?
Thanks in advance,
I am asking myself the exact same thing. Does anybody have a useful solution? Because as it is, I'm forced to do one rule: block everything except a couple of devices.
It looks exclusion should be covered in same rule. Different rules relation is standlone, filters are not merged.
Pls check KB77051, a two rules solution.
4. Create two User Assignment Groups:
6. Create two Device Rules: