eg123
Level 9
Message 1 of 7

DLP-Monitor: Traffic Rules not working

Hi Guys,

 

I defined some traffic rules for my dlp-monitor appliance in ePO > DLP Appliance Management 11.2.0 > McAfee DLP Monitor Settings > Traffic Rules, but they don't seem to be working at all; I can still see the incidents in DLP Incident Manager.

Any thoughts why? I'm using the latest 11.2. I ran "scm statsc -a |grep policypush" and can confirm my appliance has the correct policy from ePO. Attached is a screenshot of my settings:

Snipaste_2019-05-20_06-18-47.png

6 Replies
McAfee Employee DLP_RS
Message 2 of 7

Re: DLP-Monitor: Traffic Rules not working

In such a scenario, I would recommend logging a service request with McAfee Technical Support. You can check a few more settings.

1. Which proxy are you using? Are the settings correct?

2. Are there any Classifications defined? Any integration with LDAP?

3. Did it work at any time?

eg123
Level 9
Message 3 of 7

Re: DLP-Monitor: Traffic Rules not working

Just a quick question: before contacting technical support, are my traffic rule settings correct?

 

McAfee Employee DLP_RS
Message 4 of 7

Re: DLP-Monitor: Traffic Rules not working

The option that is enabled is Default and looks to be okay.

 


Re: DLP-Monitor: Traffic Rules not working

Hello,

 

Did you define a rule for Web Protection or Email Protection in DLP Policy Manager? There you can set a rule with specific classification criteria.

Probably I misunderstood it. Could you describe your intention? Afterwards I can try to help you if you want.

Best Regards,

Pavel

 


eg123
Level 9
Message 6 of 7

Re: DLP-Monitor: Traffic Rules not working

Hi Pavel,

 

The issue is I want to exclude a specific URL (for instance, http://dlptest.com) from being analyzed by DLP-Monitor, so I defined a traffic rule, but it seems it's not working...

I can still see new incidents generated when uploading sensitive files via http://dlptest.com.

 

By the way, as per my testing, it seems my traffic rule setting was wrong. I'm still troubleshooting it and will share more details once I have data. Thanks.

eg123
Level 9
Message 7 of 7

Re: DLP-Monitor: Traffic Rules not working

Hi guys, I'm wondering how exactly the traffic rule works?

 

As per the testing, I use the settings below, but neither is working:

1. URL  --  does not match  --  http://dlptest.com  --  Analyze Traffic = YES

2. URL  --  matches  --  http://dlptest.com  --  Analyze Traffic = NO

 

As per the product guide:

McAfee DLP Monitor analyzes the traffic rules in a top-down priority order. The analysis stops when it finds a match, and takes the corresponding action.

 

Why doesn't it work...?
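
Added example, not part of the thread and not McAfee code: a small model of the top-down, first-match evaluation quoted from the product guide, applied to the two rules listed above in the order given. The two comparison modes (`exact`, `host`), the default action and the sample URLs are assumptions constructed for illustration; the thread does not say how DLP Monitor compares URL values.

```python
from urllib.parse import urlsplit

DEFAULT_ANALYZE = True  # assumption: traffic that hits no rule is analyzed


def url_matches(url, pattern, mode):
    """Compare a request URL with a rule value under one assumed semantics."""
    if mode == "exact":   # whole-string comparison
        return url == pattern
    if mode == "host":    # compare host names only, ignore path and query
        return urlsplit(url).hostname == urlsplit(pattern).hostname
    raise ValueError(f"unknown mode: {mode}")


def decide(rules, url, mode):
    """Top-down evaluation; the first rule whose condition holds wins.

    Returns (analyze, rule_number); rule_number is None for the default.
    """
    for number, (operator, pattern, analyze) in enumerate(rules, start=1):
        hit = url_matches(url, pattern, mode)
        if (operator == "matches") == hit:
            return analyze, number
    return DEFAULT_ANALYZE, None


# The two rules from the post, in the order listed there.
RULES = [
    ("does not match", "http://dlptest.com", True),
    ("matches", "http://dlptest.com", False),
]

# Constructed sample requests (paths are illustrative).
SAMPLES = [
    "http://dlptest.com",
    "http://dlptest.com/http-post/",
    "http://example.org/upload",
]


def table(mode):
    """Decision for every sample URL under the given comparison mode."""
    return {url: decide(RULES, url, mode) for url in SAMPLES}


if __name__ == "__main__":
    for mode in ("exact", "host"):
        for url, (analyze, rule) in table(mode).items():
            print(f"{mode:5} {url:32} analyze={analyze} rule={rule}")
```

In this model the bare URL is excluded by rule 2 in both modes, while a request with a path is excluded only under host comparison; under whole-string comparison it falls to rule 1 and is analyzed.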

 
