cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

How to block IM applications (Telegram, viber ...)

Dear all,

  • I need to block send sensitive data from IM applications (Telegram, Viber ...). I defined in application template (vendor, original executive file, product name - attachment) . But the DLP Agent still cannot regconize the sensitive data use by this IM applications.
  • With Skype, the DLP agent has an alert (popup) block and EPO has a block log. But the clients still send the sensitive file though skype.

Please help to provide me solutions on this case.

Thank you.

 

5 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: How to block IM applications (Telegram, viber ...)

Hello and thank you for posting here!

Based on your attached screenshot, I believe you have your application definition configured correctly. What type of rule have you been using when attempting to block file uploads to these applications? I would recommend an Application File Access Protection Rule.

Highlighted

Re: How to block IM applications (Telegram, viber ...)

I created rule in Application File Access Protection Rule, but it still cannot block this. With Skype, it has a block alert, but the sensitive file still send through Skype.
The package DLP using is 11.5 (dowloaded from Software Catalog)

 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: How to block IM applications (Telegram, viber ...)

You may want to test with the configuration steps mentioned in KB92287 if you have not done so already. This KB also has you create an Application File Access Protection Rule, but uses an application based finger printing classification. 

If the steps in that KB do not yield positive results, I would recommend running Process Monitor while attempting to upload a file to one of these IM applications. This would help identify any other process that may be touching the file during the upload process. If additional processes are found, they would need to be included in your application template definition. If you need assistance in reviewing the process monitor log, I would recommend opening a Service Request with our Support team.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 6

Re: How to block IM applications (Telegram, viber ...)

Hi @DucDinh ,

To answer this question/issue below,

Question/Issue: With Skype, it has a block alert, but the sensitive file still send through Skype.

Answer: The file will be nulled out and sent to the destination user in the chat application. If you can open the file at the recipient end you can find that the file details will be nulled out by DLP. So there is no Data loss of confidential information sent to the end recipient.

 

Thank you.

Regards,
Jithendran S
McAfee Employee
Highlighted

Re: How to block IM applications (Telegram, viber ...)

Dear @jsubbura,

Please check below information, the EPO received the event from the client - Block sensitive file. But the receiver still can open and download the sensitive file. I tried define another application (viber, telegram), it has no log.

Does the evalution limitted the features (evalution license key for DLP endpoint)? I tried configure Registered documents, it cannot use too.

 

Note: I tried 2 version DLP 11.5.0.602 and 11.4.0.452. They have same problems.

 

 

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community