I defined some traffic rules for my dlp-monitor appliance in ePO > DLP Appliance Management 11.2.0 > McAfee DLP Monitor Settings > Traffic Rules, but they do not seem to be working at all; I can still see the incidents in DLP Incident Manager.
Any thoughts why? I'm using the latest 11.2. I ran "scm statsc -a |grep policypush" and can confirm my appliance has the correct policy from ePO. Attached a screenshot of my settings:
In such a scenario, I would recommend logging a service request with McAfee Technical Support. You can check a few more settings.
1. Which proxy are you using? Are the settings correct?
2. Are there any Classifications defined? Any integration with LDAP?
3. Did it work at any time?
Did you define a rule for Web Protection or Email Protection in DLP Policy Manager? There you can set a rule with specific classification criteria.
Probably I misunderstood it. Could you describe your intention? Afterwards I can try to help you if you want.
The issue is I want to exclude a specific URL (for instance, http://dlptest.com) from being analyzed by DLP Monitor, so I defined a traffic rule, but it seems it's not working...
I can still see new incidents generated when uploading sensitive files via http://dlptest.com.
By the way, as per my testing, it seems my traffic rule setting was wrong. I'm still troubleshooting it and will share more details once I have data. Thanks.
Hi guys, I'm wondering how exactly the traffic rule works?
As per the testing, I used the settings below, but neither is working:
1. URL -- does not match -- http://dlptest.com -- Analyze Traffic = YES
2. URL -- matches -- http://dlptest.com -- Analyze Traffic = NO
As per the product guide:
McAfee DLP Monitor analyzes the traffic rules in a top-down priority order. The analysis stops when it finds a match, and takes the corresponding action.
Why doesn't it work...?