cancel
Showing results for 
Search instead for 
Did you mean: 

End Point DLP Web Prot Issue

Jump to solution

We are experiencing what we believe is an issue and we are
curious if others have experienced it and if so what they did to resolve it.

The issue that we see is when multiple tabs are open in a
browser instance the McAfee web protection rules analyze content against all
websites loaded within the browser instance and not just the website where the
data was entered.

Because we have defined safe and unsafe URL lists we expect
that this will cause a number of false positives.

This is how we are set up and the test scenario that
triggers the issue.

Set up

  1. Create classification to be used for testing.  For our test we created a confidential
    key word of conf11.  Skip this step if you have a classification in place that can be used.
  2. Create a URL List classification definition containing one URL.  We use the URL of
    our EPO or our company homepage.  Make sure that the webpage used has some place to

        enter data.  A search box will work.  This url list will be added to an exception to the rule being created.

  1. Create Web protection rule:

Name:  WP 1. content to any external [M,RJ,NU,SE]

State: Enabled

Condition

ClassificationState:  - is one of – classification defined in step 1
             And End-User: is any user (ALL)

And web address (URL): is any URL (ALL)

And upload type: is any data upload (ALL)

Exceptions

Name: Safe websites

State: enabled

Classifications: - is one of – classification defined in step 1

And End-User: is any user (ALL)

And web address (URL): is one of – URL list defined in step 2

And upload type: is any data upload (ALL)

Reaction

Action:Action: Request Justification        Default Email Justification - OK (no action) | Cancel (block)

User Notification: Default email protection user notification          Close after 5 seconds

Report Incident: Report incident = checked           Store original email as evidence = checked

This rule is define so that it will request justification when
a user enters sensitive data onto a webpage that is not considered safe.  Safe URLs are included in the URL list and
added as an exception.

Sensitive content entered onto “Safe” website.

1) Open URL from list defined in step 2 (Safe site)

2) enter into search box(other data entry field works) the content for classification defined in step 1 

3) select “search”, "enter" or applicable button

** Expected Result - searched with no issue

** Result – worked as expected

Sensitive content entered onto “Safe” website with unsafe site open in another tab

1) Open URL from list defined in step 2

2) Open Gmail (https://mail.google.com) in a new tab within the same browser instance.  Only open and login to gmail.  Do not select compose.  This assumes that gmail is not defined as a "Safe" URL

3) return to tab with website opened in step 1 and enter into search box(other data entry field works) the content for classification defined in step 1 

4) select “search”  "enter" or applicable button

** Result – user is prompted for justification.  This is not the expected result

Note: we have discovered if a user attempts to compose a message after opening Gmail the rule functions correctly.  It only seems to have an issue if the user opens the site not considered safe and does not compose a message.  

Anyone else experienced this issue?  If so, what was done to resolve it?

Thanks in advance.....

1 Solution

Accepted Solutions

Re: End Point DLP Web Prot Issue

Jump to solution

Issue resolved.  Changed the Windows Client configuration by unchecking, "Browser address bar" in the Web Protection settings.

2 Replies

Re: End Point DLP Web Prot Issue

Jump to solution

Issue resolved.  Changed the Windows Client configuration by unchecking, "Browser address bar" in the Web Protection settings.

Highlighted
rian
Level 7
Report Inappropriate Content
Message 3 of 3

Re: End Point DLP Web Prot Issue

Jump to solution

We are planning to implement web post protection and we deploy mcafee dlp 10 patch 3 in our endpoints and It causes problem to our browser specifically on chrome and firefox. I was unable to search any site on chrome and nothing happen whenever i search using firefox. Problem resolve only if we disable browser in DLP windows client configuration > operation mode module. I hope you could help.

 

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center