In DLP 3.0, Web post rule run unstable that can not block attachment file to hotmail, yahoo, gmail...also New device rules allow the blocking of executables run from removable storage. You can see readme file (atttach file) to find more infor about DLP 9.0.
The New SLP 9.0 is really good.
Message was edited by: johnronaldirani on 6/18/10 4:06:21 AM CDT
Message was edited by: johnronaldirani on 6/18/10 4:07:11 AM CDTMessage was edited by: johnronaldirani on 6/18/10 4:08:34 AM CDT
DLP 9.0 is ok
Device blocking seems to work well
Protection rules are iffy
The User Guide is absolutely horrible.
Support from McAfee seems to be of the "did you read the manual" type.
We are blocking SD card readers, making CD/DVD read-only, and allow by exception for USB drives.
We are also monitoring what is being copied external USB hard drives, but cannot get it to show what is being burned to CD/DVD.
McAfee has videoes on YouTube that explain most things to some degree. - highly recommend reviewing those.
Its hard to tell which policy has been applied or why something isnt blocked/working. Local logs are useless.
There is a serious vulnerability with dlp 9 and endpont encryption for files and folders EERM.
if you have a EERM encrypted stick and you have protection rules for monitoring flow of data to removable media the rules are ignored.
so far McAfee are telling me that there is a fix in 9.0 patch 1 which is still not released but you have to have EEFF 22.214.171.124 which is not much good if you are running EEFF 3.x.x