cancel
Showing results for 
Search instead for 
Did you mean: 
bigag
Level 7
Report Inappropriate Content
Message 1 of 3

DLP - Content Tracking - path and wildcard

Hi community.

 

Is there a way to use wildcard in a Content tracking "McAfee DLP Endpoint ignores access to file"?

We need to ignore DLP when thunderbird.exe run for first time and need to ignore msf files in %userprofile%\AppData\Roaming\Thunderbird\Profiles\onqgmfkx.default\ImapMail\mail.name

onqgmfkx.default is a random name for thunderbird profile.

 

Only works with the full path name... and need a wildcard for the more users.

2 Replies
McAfee Employee Mreaden
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: DLP - Content Tracking - path and wildcard

Bigag,

You can use environment variables in the folder name. If no folder name is provided, the process is whitelisted and is not monitored by application file access rules.

For example, %userprofile%\AppData\Roaming\Thunderbird\Profiles\*

 

Have you tried the above configuration?

 

Thanks

 

bigag
Level 7
Report Inappropriate Content
Message 3 of 3

Re: DLP - Content Tracking - path and wildcard

Yes, I tried.

After change to wilcard path I have an error at open Thunderbird, because the file inbox.msf contains a protected phrase....

Incident ID:

563292

Occurred (UTC):

April 4, 2019 8:15:21 PM

Occurred (Custom):

April 4, 2019 2:15:21 PM

Occurred (Endpoint):

April 4, 2019 2:15:21 PM Central America Standard Time

Incident Type:

 Application File Access Protection

Actual Action:

Block

Expected Action:

Block

 

I would like upload an screencapture.

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center