cancel
Showing results for 
Search instead for 
Did you mean: 
sath
Level 7
Report Inappropriate Content
Message 1 of 6

DLP not working

I have DLP full liscensed installed. Its set up not issues, I have it set to block USB and Cd/Dvd rom devices however it isnt. Can any one tell me where the issue is occurring.

The device class ,definition and rules are set as well as a user assignment group
Labels (1)
5 Replies
sath
Level 7
Report Inappropriate Content
Message 2 of 6

RE: DLP not working

Can anyone from mcafee or anyone at all offer some help

RE: DLP not working

Can you please describe how and where you defined the device definitions and rules. Also check if rules defined by assigment group or by computers in ePO policy.
Ill can try to help to you.

Alex
Highlighted
sath
Level 7
Report Inappropriate Content
Message 4 of 6

RE: DLP not working

The device definitions were defined in the Device Definitions category in Device Management, similiarly Device Rules were defined in the Device Definition category in Device Management.

Device definitions were defined as follows Bus type and CD/DVD drives were chosen as the selected parameters. Only USB was selected in the Bus type parameter.

Device Definitions were defined as follows. Step 1: The device definition rules from above was included.
Step 2: Block (online\offline); Monitor (online\offline) and Notify user (online\offline) were selected.
Step 3: Was left blank initally with just the privileged user set up by user account. The drives were not being blocked. A User Assignment group was then set up and used, it was set up by group as defined by Active Directory.

Method of enforcement

Basically mistake with McAfee DLP is method of enforcement.
You need to decide wich one more effective for you - computer or users/group enforcement.
If you try to use both, the resoult is conflict and policy not work.
My advice - start from beginning. Delete device rules and Assignment groups. Recreate rules.
1. For computer enforcement - leave "Assignment groups" empty (skip it) and create policy for DLP agent in policy catalog. Select the created rules and apply policy for selected computers or group.
2. For AD user/group enforcenent - select "Assignment group" in Device rule creation wizard, click apply button in DLP management interface and NOT!!! change policy for DLP Agent.
3. Make wakeup for clients.

PS: Changes madden in "Agent Global configuration" enforced just after client reboot.


Goog luck

Alex

RE: Method of enforcement

I just evaluate DLP and find quite diffcult to start with.

The product guide may not be a good starting point.
It descript every screen items in the policy manager.

Is there any step by step guide for beginner to try on setting up some basic infrastructure?
More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center