cancel
Showing results for 
Search instead for 
Did you mean: 
myk12pak
Level 7

File Blocking in DLP is Content Aware?

Hi

We are in process to add DLP Endpoint wiht existing Mcafee, we don't have full DLP license and DLP Operation Mode having two option only (ful content protection is grey becuase of not having license for that)

1. Device Control and content aware removable storage protection (wihtout tag support)

2. Device Control Only

We setup option 1.

In our testing we found that file blocking is only working on extension based (DLP not scanning content) i.e. we blocked copying/executing EXE file from USB but if we just rename EXE file to some other extension whicn is not block then we can easily copy to USB Drive.

My question is:

1. DLP is not providing content scan protection or I have setup some thing wrong

Thanks

0 Kudos
7 Replies

Re: File Blocking in DLP is Content Aware?

Hi,

If you want to block Files based on the content in them,

You have to create a Removable Storage Protection Rule.

Follow the following steps :-

Creat a content classification rule based on text pattern or dictionary items.

Goto Protection rules

Create a Removable storage protection rule with the same content classification tag.

Apply this rule, and you will not be able to copy any file having that content to that USB.

McAfee DLP has many more content aware features and rules that can be used in full mode.

Hope I could help.

0 Kudos
myk12pak
Level 7

Re: File Blocking in DLP is Content Aware?

Thanks for answer but I am not able to understand how I can create content classification rule for my file, we blocked following files from executing on Removabale storage by this we are achieving follwing

1. User will not able to copy any blocked file on removable storage (online/offline)

2. If copied from other system (not running DLP product) then execution will be blocked

Issue we discover in this approach

We blocked EXE file for USB but if we just rename to EXE file to some other allowed extension then DLP not blocking this file.. any thoughts on this  We blocking following extension using "Removable Storage File Access Rule"

*.inf

*.ini

*.bat

*.bin

*.cmd

*.com

*.eml

*.msg

Product in Use

Mcafee Agent : 4.8.0.887

Mcafee DLP Endpoing : 9.3.0.637

Mcafee VS Ent. : 8.8.0

EPO : 5.0.1 (Build 228)

Thanks

0 Kudos

Re: File Blocking in DLP is Content Aware?

Hi,

this is not the rule you are looking for.

First, GoTo Agent Configuration--> File Tracking--> Ensure Device Control with removable storage protection mode is selected.

Now, Goto Classification rules, Here you create a content classification based on your requirement.

Finally, Goto Protection rules-->Create Removable Storage Protection Rule--> Include your content classification.

You can refer to product guide for more info on how to create these rules.

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24536/en_US/...

Hope I Could Help.

J.L.

0 Kudos
myk12pak
Level 7

Re: File Blocking in DLP is Content Aware?

Hi Jayant

I don't see that option see my screen shotDLP0.png

0 Kudos

Re: File Blocking in DLP is Content Aware?

Hi,

You have selected correct option in Agent configuration.

Now, Content classification rule and protection rules are in DLP policy console.

0 Kudos
myk12pak
Level 7

Re: File Blocking in DLP is Content Aware?

So you are saying I can create Content Classification Rule even without Full DLP (option 1 in SS that is Grey)?

0 Kudos
vimalnavis
Level 13

Re: File Blocking in DLP is Content Aware?

Any option greyed out is available only with Full DLPE License.

0 Kudos