We are in the process of adding DLP Endpoint to our existing McAfee deployment. We don't have a full DLP license, and DLP Operation Mode has only two options (full content protection is greyed out because we don't have a license for it):
1. Device Control and content aware removable storage protection (without tag support)
2. Device Control Only
We set up option 1.
In our testing we found that file blocking only works based on extension (DLP is not scanning content), i.e. we blocked copying/executing EXE files from USB, but if we just rename the EXE file to some other extension which is not blocked, then we can easily copy it to the USB drive.
My question is:
1. Is DLP not providing content scan protection, or have I set something up wrong?
If you want to block files based on the content in them, you have to create a Removable Storage Protection Rule.
Follow these steps:
1. Create a content classification rule based on text pattern or dictionary items.
2. Go to Protection rules.
3. Create a Removable Storage Protection rule with the same content classification tag.
4. Apply this rule, and you will not be able to copy any file having that content to that USB.
McAfee DLP has many more content aware features and rules that can be used in full mode.
Hope I could help.
Thanks for the answer, but I am not able to understand how I can create a content classification rule for my file. We blocked the following files from executing on removable storage; by this we are achieving the following:
1. Users will not be able to copy any blocked file to removable storage (online/offline)
2. If copied from another system (not running the DLP product), then execution will be blocked
Issue we discovered with this approach:
We blocked EXE files for USB, but if we just rename the EXE file to some other allowed extension, then DLP does not block the file. Any thoughts on this? We are blocking the following extensions using "Removable Storage File Access Rule"
Product in Use
McAfee Agent : 22.214.171.1247
McAfee DLP Endpoint : 126.96.36.1997
McAfee VS Ent. : 8.8.0
EPO : 5.0.1 (Build 228)
This is not the rule you are looking for.
First, go to Agent Configuration --> File Tracking --> ensure Device Control with removable storage protection mode is selected.
Now, go to Classification rules. Here you create a content classification based on your requirement.
Finally, go to Protection rules --> Create Removable Storage Protection Rule --> include your content classification.
You can refer to the product guide for more info on how to create these rules.
Hope I could help.
You have selected the correct option in Agent configuration.
Now, the content classification rules and protection rules are in the DLP policy console.
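
The rename gap raised in this thread exists because an extension rule matches the file name, not the file content. As an added example (not part of the thread and not McAfee DLP code), this Python audit script identifies Windows executables by their PE header and lists those stored under a non-blocked extension; the `BLOCKED_EXTENSIONS` list, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

# Assumed list: the extensions an extension-based rule already blocks.
BLOCKED_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".sys"}

def is_pe_file(path):
    """True if the content is a PE image: 'MZ' header whose 0x3C field points at 'PE\\0\\0'."""
    with open(path, "rb") as fh:
        header = fh.read(64)
        if len(header) < 64 or header[:2] != b"MZ":
            return False
        (pe_offset,) = struct.unpack_from("<I", header, 0x3C)
        fh.seek(pe_offset)
        return fh.read(4) == b"PE\0\0"

def find_renamed_executables(root):
    """List PE files under root whose extension is not on the blocked list."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            try:
                if ext not in BLOCKED_EXTENSIONS and is_pe_file(path):
                    hits.append(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample data: a minimal PE-shaped header, not a real program."""
    pe_stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0" + b"\0" * 20
    samples = {
        "setup.exe": pe_stub,          # caught by the extension rule
        "report.txt": pe_stub,         # PE content, allowed extension: rule misses it
        "notes.txt": b"plain text",    # genuine text file
        "MZ-readme.doc": b"MZ only",   # starts with MZ but is not a PE image
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_renamed_executables(tmp):
            print("PE content under non-executable name:", hit)
```

Pointing `find_renamed_executables` at a mounted removable drive gives a quick audit of files that an extension-only rule would have let through.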