eg123
Level 7
Message 1 of 7

DLP-Monitor: Traffic Rules not working

Hi guys,

I defined some traffic rules for my DLP Monitor appliance in ePO > DLP Appliance Management 11.2.0 > McAfee DLP Monitor Settings > Traffic Rules, but they do not seem to be working at all; I can still see the incidents in DLP Incident Manager.

Any thoughts why? I'm using the latest 11.2. I ran "scm statsc -a |grep policypush" and can confirm my appliance has the correct policy from ePO. I attached a screenshot of my settings:

Snipaste_2019-05-20_06-18-47.png

6 Replies
DLP_RS
McAfee Employee
Message 2 of 7

Re: DLP-Monitor: Traffic Rules not working

In such a scenario, I would recommend logging a service request with McAfee Technical Support. You can check a few more settings.

1. Which proxy are you using? Are the settings correct?

2. Are there any Classifications defined? Any integration with LDAP?

3. Did it work at any time?

eg123
Level 7
Message 3 of 7

Re: DLP-Monitor: Traffic Rules not working

Just a quick question: before contacting technical support, are my traffic rule settings correct?

DLP_RS
McAfee Employee
Message 4 of 7

Re: DLP-Monitor: Traffic Rules not working

The option that is enabled is Default and looks to be okay.

 

Re: DLP-Monitor: Traffic Rules not working

Hello,

Did you define a rule for Web Protection or Email Protection in DLP Policy Manager? There you can set a rule with specific classification criteria.

Probably I misunderstood it. Could you describe your intention? Afterwards I can try to help you if you want.

Best Regards,

Pavel

eg123
Level 7
Message 6 of 7

Re: DLP-Monitor: Traffic Rules not working

Hi Pavel,

The issue is that I want to exclude a specific URL (for instance, http://dlptest.com) from being analyzed by DLP Monitor, so I defined a traffic rule, but it seems it's not working...

I can still see new incidents generated when uploading sensitive files via http://dlptest.com.

Btw, as per my testing, it seems my traffic rule setting was wrong. I'm still troubleshooting it and will share more details once I have data. Thanks.

eg123
Level 7
Message 7 of 7

Re: DLP-Monitor: Traffic Rules not working

Hi guys, I'm wondering how exactly the traffic rule works?

As per the testing, I used the settings below, but both are not working:

1. URL  --  does not match  --  http://dlptest.com  --  Analyze Traffic = YES

2. URL  --  matches  --  http://dlptest.com  --  Analyze Traffic = NO

As per the product guide:

McAfee DLP Monitor analyzes the traffic rules in a top-down priority order. The analysis stops when it finds a match, and takes the corresponding action.

Why doesn't it work...?

 
