I've read a lot of posts on this and think I know the answer but would like confirmation as to me the answer seems like the product isn't working the way it should.
-We want to deploy McAfee DLP to all users.
-We want to prepare 100 USB keys by encrypting with EERM
-We want to distribute these keys to staff keeping a record of who gets what
-We want DLP to block all USB media except these encrypted keys that we handed out, encrypted being the key word here.
From what I can see, we cannot do this with DLP? If I create a rule to block all removable media except content encrypted with McAfee Endpoint Encryption our pre-Encrypted keys still get blocked. I know I could take note of vendor and product IDs but what's to stop someone formatting the key on a home PC and then using it in an unencrypted state?
Does DLP not recognise EERM devices as being truly McAfee Endpoint Encrypted devices?
Many thanks for any thoughts/ feedback
-Forgot to mention, one other requirement is that staff can give the keys to clients with a password to unencrypt/ viewMessage was edited by: gerryrigney on 10/02/11 07:19:59 CST
Actually DLP is working fine.
From the ReadMe;
I know there are issues between DLP and EERM. For example in our environment, DLP will not trigger any rules when copying data to an EERM encrypted USB device. I would recommend you open a SR with McAfee and get them working on a fix.
We are just using the device control element of DLP, at 1st we thought that was the problem but we got a trial license for DLP and still can not get it to allow/ recognise EERM protected devices. We're talking to our AC manager and they're looking at it but as of yet they can't get it to work the way we want it to either.
Thanks for the info, I'll post if we have any luck.
Whatever you do: do NOT use McAfee Device Control with Endpoint Encryption for Files and Folders since that will store your data UNENCYPTED on the USB device!
McAfee knows about this [they've been demo'ed the effect].
Meant to update this post, according to McAfee even with the next version of EEFF and EERM, you will still need EEFF on the PC in order for device control to recognise and allow EERM protected devices, so the initial info I was given was incorrect.
I tried the beta and was able to copy files unencrypted onto EERM protected devices all right, it seemed limited to small files sizes but any file is unacceptable. I guess that's why it's called a beta though.
Next beta is due soon I beleive, hopefully that will be resolved.