cancel
Showing results for 
Search instead for 
Did you mean: 
jbuschman
Level 7

DLP Protection Rule to DVD/CD drive not working

I can create a Protection Rule that will monitor and require justification for a removable storage device plugged into my USB.  However, I cannot get the rule to work with my DVD/CD RW drive.

Any suggestions?

Thanks!

0 Kudos
11 Replies
uzanatta
Level 10

Re: DLP Protection Rule to DVD/CD drive not working

Hi,

1) Did you enable it?

2) Check policy for 'computer assigned' or 'user right assignment' as you want to work with;

0 Kudos
jbuschman
Level 7

Re: DLP Protection Rule to DVD/CD drive not working

Yep..

1.  Yes, I enabled and applied the policy.

2. Yes, it is assigned to the correct user rights assignment.

Are CD/DVD drives not considerd "Removable Storage Devices" covered under the Protection Rules?

0 Kudos
uzanatta
Level 10

Re: DLP Protection Rule to DVD/CD drive not working

Hi,

you should try with 'All Removable Storage Device' in order to know if Device Control blocks it.

0 Kudos
jbuschman
Level 7

Re: DLP Protection Rule to DVD/CD drive not working

Device Plug and Play blocking CD/DVD drive works appropriately.  The rules with Device Removable storage does not work.

hmmm...

Thanks for you thoughts so far   any more ideas?  I will try the diagnotic tool next.

0 Kudos
tonyw
Level 12

Re: DLP Protection Rule to DVD/CD drive not working

This scenario is covered in the following article.

https://kc.mcafee.com/corporate/index?page=content&id=KB53598

You can either block CD/DVD with a device rule set to read only or monitor what is being written with an application based protection rule.

0 Kudos

Re: DLP Protection Rule to DVD/CD drive not working

Tony,

I can't seem toa ccess the above KB articles.  Is there something I can do to view it?

Thanks!

0 Kudos
tonyw
Level 12

Re: DLP Protection Rule to DVD/CD drive not working

I'm not sure why it isn't working for you.  Here is a copy from the article itself:

Corporate KnowledgeBase ID:  KB53598
Last Modified:  January 26, 2012

 

Environment

McAfee Host Data Loss Prevention 9.2
McAfee Host Data Loss Prevention 9.1

McAfee Host Data Loss Prevention 9.0

McAfee Host Data Loss Prevention 3.0

Summary

McAfee recommends that you create a device rule and make the CD/DVD drives read-only.

It is not possible to block data using a reaction rule that is triggered from burning software such as:

Nero

Roxio

Windows built-in burning functionality

The reason for this relates to how the CD/DVD burning software builds the data to be written and the way in which those applications choose to organize the data before burning. These factors make Host Data Loss Prevention (Host DLP) unable to block that data using an application reaction rule.

Host DLP does provide tagging and monitoring via a burner application reaction rule, just not blocking functionality. This feature has limited functionality, but does exist in Roxio versions 6-8. This feature does not work with Windows 2000.

0 Kudos
m.bagheryan
Level 12

Re: DLP Protection Rule to DVD/CD drive not working

Hello,

I Have the same quastion as:

I can not create a Protection Rule that will monitor and require justification for my DVD/CD RW drive (not removable storage device plugged into my USB).

I didn't see any working solution here.

My DLP version is 9.3 pach1.

Looking forward for best advice.

Thanks.

0 Kudos
vimalnavis
Level 13

Re: DLP Protection Rule to DVD/CD drive not working

Removable Storage Protection Rules are not supported for CD/DVD drives that are formatted using the Mastered File System. If Live File System was chosen the rule works.

For Mastered file systems on CD/DVD drives, a compensating control is to use Application File Access Protection Rule.

0 Kudos