I can create a Protection Rule that will monitor and require justification for a removable storage device plugged into my USB. However, I cannot get the rule to work with my DVD/CD RW drive.
1. Yes, I enabled and applied the policy.
2. Yes, it is assigned to the correct user rights assignment.
Are CD/DVD drives not considerd "Removable Storage Devices" covered under the Protection Rules?
Device Plug and Play blocking CD/DVD drive works appropriately. The rules with Device Removable storage does not work.
Thanks for you thoughts so far any more ideas? I will try the diagnotic tool next.
This scenario is covered in the following article.
You can either block CD/DVD with a device rule set to read only or monitor what is being written with an application based protection rule.
I'm not sure why it isn't working for you. Here is a copy from the article itself:
|Corporate KnowledgeBase ID:||KB53598|
|Last Modified:||January 26, 2012|
McAfee Host Data Loss Prevention 9.0
McAfee Host Data Loss Prevention 3.0
It is not possible to block data using a reaction rule that is triggered from burning software such as:
Windows built-in burning functionality
The reason for this relates to how the CD/DVD burning software builds the data to be written and the way in which those applications choose to organize the data before burning. These factors make Host Data Loss Prevention (Host DLP) unable to block that data using an application reaction rule.
Host DLP does provide tagging and monitoring via a burner application reaction rule, just not blocking functionality. This feature has limited functionality, but does exist in Roxio versions 6-8. This feature does not work with Windows 2000.
I Have the same quastion as:
I can not create a Protection Rule that will monitor and require justification for my DVD/CD RW drive (not removable storage device plugged into my USB).
I didn't see any working solution here.
My DLP version is 9.3 pach1.
Looking forward for best advice.
Removable Storage Protection Rules are not supported for CD/DVD drives that are formatted using the Mastered File System. If Live File System was chosen the rule works.
For Mastered file systems on CD/DVD drives, a compensating control is to use Application File Access Protection Rule.