cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
KristineReed
Level 7
Report Inappropriate Content
Message 1 of 2
‎08-24-2021 12:28 PM

DLP Incident Manager - document release?

Jump to solution

Hello,

Our current Email DLP solution has a way for us to mark an email item as a false postive, then it 'releases' it and lets the email continue on.  I am looking for a way to do that with McAfee DLP.  We have users that are allowed to write non-PII to a USB drive.  Sometimes a log , or something similar,is copied out to a USB drive and that log may contain a string that resembles PII (SSN, CC, SIN) and McAfee DLP blocks the user from copying it to the USB drive.  The user receives a pop-up notice telling them why they have been blocked and giving them a department to contact for more info.  So the user contacts that department (who we have set up to review Incidents) and complains that they were not writing PII to the drive.  The reviewer has a look and determines that the event was a false positive.  I would like for the reviewer to be able to 'release' the document so that the user can copy it to their USB drive.  Is this possible?  I realize there is an option somewhere to do a DLP bypass, but doing this would then allow the user to write actual PII to the drive if they were so inclined.

If this use case isn't feasible, is there another solution that someone out there is using for a similar situation?

0 Kudos
Reply
1 Solution

Accepted Solutions
JaganA
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2
‎08-27-2021 01:17 AM

Re: DLP Incident Manager - document release?

Jump to solution

@KristineReed Thanks for posting here.

At present, reviewer to release the document is not available with the product. Bypass DLP agent is something that informing DLP agent to take no action.

However, I feel the request is valid, please submit Product Enhancement Request (PER) for the product management team to review it. For details, refer to KB60021

JaganA
McAfee Employee

Was my reply helpful?
If yes, click "Accept as Solution" in my reply and together we can help other members?

View solution in original post

Reply
1 Reply
JaganA
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2
‎08-27-2021 01:17 AM

Re: DLP Incident Manager - document release?

Jump to solution

@KristineReed Thanks for posting here.

At present, reviewer to release the document is not available with the product. Bypass DLP agent is something that informing DLP agent to take no action.

However, I feel the request is valid, please submit Product Enhancement Request (PER) for the product management team to review it. For details, refer to KB60021

JaganA
McAfee Employee

Was my reply helpful?
If yes, click "Accept as Solution" in my reply and together we can help other members?
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC