I have been reading the installation and product guides, followed steps to create device rules etc. but just can't get to lockdown pc, block usb ports, etc. This is my first time configuring this, any tips on how to get started? I managed to get DLP endpoint installed on the pc now for blocking externals, shares, printers...
Also.. i created devices class for the pc with GUID to manage this pc with device rule to block USB devices
Message was edited by: minion on 7/18/13 12:55:49 AM CDTMessage was edited by: minion on 7/18/13 1:35:17 AM CDT
what do you mean by lockdown PC ?
Blocking USB ports is relative: if you completey block the USB ports, you block your keyboard, mouse etc.
Blocking STORAGE devices is the most used way. There's KBs an tutorials from MA, https://kc.mcafee.com/corporate/index?page=content&id=KB60861
First create a rule that blocks all storage devices.
Create a definition of you USB stick
go to the created rule, exclude this definition.
Ok lock-down might sound a bit harsh, just prevent the user from copying data onto external, block from any shares on the network, prevent from printing, etc.
Thank you for the KB and solutions. Will try it now and give feedback.
Ok I followed the steps in the KB, tested with USB and still opens. These are the steps I followed:
So, first of all have a read of this doc: http://mcaf.ee/0dav5 pages 114 and 115 which walks through using device rules for plug and play and removable storage. You may need both types of rule to cover your devices.
On page 150 it covers the Incident Manager and Operation Events console that replaced the DLP Monitor.
If you would like us to look at your policy please attach it here and we'll give you some tips.
Chris Norris, CISSP
McAfee Tier III Support Engineer
Data Loss Prevention
Great thank you Chris!
Looks like I am getting somewhere slowly but surely Making more sense now.
I have created the policies, please find attached. The policies also assigned on the system tree to the group I am testing with. Is it suppose to block according to my policies now?Message was edited by: minion on 7/18/13 7:45:42 AM CDT