I'm just piloting DLP 9.0 on some of our users' computers and have set up a USB/FireWire removable storage device policy, which is successfully monitoring device usage and also the copying of files out of the system onto those devices for the users where I have deployed it.
A policy I would like to look at, but am not too sure how to start defining, is one where I can adopt a similar method of monitoring users who copy files off to floppy disk or burn them out to a CD/DVD drive.
Has anybody configured such a policy or could anybody point me in the right direction where to start?
Create a definition for CD/DVDs like you did for USBs. Check if the floppy drives are managed; if not, make those manageable and create definitions for them.
Once you create the device definition, you are all set to go for the rules!
Thanks AB, that is very helpful and has helped me almost finish the setup we want.
I've created a Removable Storage Device Definition of Device Type CD/DVD Drives for those. The only thing I'm unsure of is how I make the floppy drives manageable, because I can't see in the device definition criteria where I can select floppy drives.
Actually, coming back after trying to get the monitoring of files copied to CD/DVD devices, I can't figure out how to make that monitor file copying, only the connecting of the device.
Go to Device Definition - Plug & Play def - Click on device class - select Floppy drives
Now your definition is ready - go for the rule.
Thanks AB, I have the definition set now so that it will monitor for plug and play devices of the classes Floppy Drives or CD/DVD Drives.
What I want to do now is make a protection rule to monitor the copying of files to these devices, although when I go to the area I can only create one for removable storage (Add New > Removable Storage Protection Rule).
Creating content rules is a little bit different from the way you create your device rules. The first thing is: what exactly do you want to protect? (What is the pattern/keyword in the file that would trigger the protection rule?) For that you need to create patterns through regular expressions. Don't use MFE default patterns as they create a lot of false positives. You need to fine-tune your expressions.
You can take the help of professional services from McAfee, who are the champions, and they will better assist you in understanding the rules and creating the expressions. Thanks Chris.
Thanks AB, we really just want a catch-all type rule where anything that's copied out of the system onto removable media or a USB device is monitored and recorded that it has been copied. Struggling to even know where to begin with setting a rule to monitor copying of any file to floppy/CD drives.
How is it best to contact McAfee support for assistance?