I have just started testing DLP. My boss wants us to be able to log (and where the logs are) a user when a flash drive is plugged in to a workstation, with the user and the PC name and any other information. Is this possible with DLP?
Use the following as a guide. I assume you have the DLP Module and Agents are deployed:
Create a group in AD, add users to it.
Create a User Assignment group in DLP and add the AD group to it.
Create a device definition to define your Flash Drive criteria.
Create a device rule (removable storage) that includes your definition. Ensure you add your User Assignment group to the rule.
Apply the config to the ePO policy. Start testing and tweaking at the client side.
If you need to be alerted to these events, this can be done via automatic responses within ePO.
As for the logging of these events, it will all be in the ePO and DLP databases; you can run queries against these.
Essentially, you can do what you have asked. Check out the product documentation for full details.
Thank you much.....Mark