cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

McAfee DLP with Boldon James Classification

Hello,

This is in regard to McAfee DLP v11.3 and Boldon James classification. 

I came across the difficulties to configure Content-based Classifications in McAfee DLP with Third-Party Tag option (Classifications Criteria  > File Conditions > Third Party Tag ).

I have configured tag with a different options but it doesn't work well with any protection rules.

I have used Document Properties for all Office Applications and that works well with Office apps. But if we have classification with Third-Party tag then it would be easy to manage the non-office applications.

The tag in Boldon James was XXX - Confidential & XXX - Internal, so to assign this tag in Office (Word or Excel) need to select XXX under classification and then select Confidential or Internal which will mark Office document XXX - Confidential. 

For Non Office application, need to select tag by Righ click option and apply.

Configuration for content classification in McAfee DLP for Third-Party tag is in attachment but it's not picking that tag and protection doesn't work.

Can anyone please guide me on how I can make this working. I am also checking with Boldon James support to get the value to put in Third Party tag config and awaiting a response.

 

 

13 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 14

Re: McAfee DLP with Boldon James Classification

BhautikS,

Please see below information related to the supported document types for third party integration.

The following table lists the supported file types and the technology applied.
Document type True file type Method
Microsoft Word DOC, DOCX, DOCM, DOT, DOTX, DOTM document property
Microsoft PowerPoint PPT, PPTX, PPS, PPSX, PPSM, PPTM, POT, POTM, POTX
Microsoft Excel XLS, XLSX, XLSM, XLSB, XLT, XLTX, XLTM
XPS document XPS
Portable Document Format PDF XMP property
Audio and video formats AIF, AIFF, AVI, MOV, MP2, MP3, MP4, MPA, MPG, MPEG, SWF,
WAV, WMA, WMV

 

 

The following table lists the internal properties.

Classification Property name
Manual file classification DLPManualFileClassification
File classification last modified by DLPManualFileClassificationLastModifiedBy
File classification last modification date DLPManualFileClassificationLastModificationDate
File classification version DLPManualFileClassificationVersion
Endpoint discovery automatic classification DLPAutomaticFileClassification
Endpoint discovery automatic classification version DLPAutomaticFileClassificationVersion
Graphic and image formats PNG, JPG, JPEG, TIF, TIFF, DNG, WMF, PSD

Also, I have attached the product guide for DLP 11.3. See page 91 for Third Party tag use case. 

 

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Highlighted

Re: McAfee DLP with Boldon James Classification

Thanks Mreaden,

I have tried third party tag as mentioned in DLP guide (page 91) that you have shared but somehow DLP agent not detecting it.

Maybe I am doing something wrong in it, it would be great if you can please guide me on this, 

Boldon James Tag name - XXX

Content in Boldon James tag (to identify specific word) - Confidential

I have tried the attached config in DLP classification but no luck.. 

Highlighted

Re: McAfee DLP with Boldon James Classification

Would like to know if there is a resolution to this, as we are seeing the exact same behavior as OP.  

Is there any fix that hasn't been posted yet that we should be aware of to resolve?  This is a feature breaking item for our Data Security requirements to prevent HC tagged data from being sent via email to external email recipients.

Thanks

Highlighted

Re: McAfee DLP with Boldon James Classification

Hey Ken,

I have figured it out with Document custom Properties and used a value (kind of hash value configured in BoldonJames) that BoldonJames is using. It did work well for some time and last week the customer has informed that they are seeing no classification value in Incident Manager for new incidents.

I might have session with the customer this week and will be able to confirm the issue or the solution.

Also I can definitely confirm that Custom Document Properties in Classification works well. 

Highlighted

Re: McAfee DLP with Boldon James Classification

Apologies, I forgot to mention about the Email, I did configure third party tag option and took value from BoldonJames console and it started triggering tag and protection rule to email.

I will post more updates once have a call with my customer.

Highlighted

Re: McAfee DLP with Boldon James Classification

Hi, i have the same issue ...

McAfee not read from office files that are classified from Boldon James ...

Mcafee not working with third party Boldon James classification rule, only with document location or document properties ...

is there a solution ?

Highlighted

Re: McAfee DLP with Boldon James Classification

Hey Kristijan,

That's true, it doesn't work well with Tag from BoldonJames, I have tried but the tag name was so common that it started picking the words from document itself (e.g. tag name - TAGME and if document has TAGME in any sentence then it picks that) so I have used the document properties and that works well. Customer have asked us to check with McAfee to use tag from BoldonJames and have ticket open with them but still no proper answers.

BTW I have used the Custom Document property (e.g. MS-Word doc > Info > Properties > Advance Properties > Custom > check BoldenJames name & value).
Luckily, BoldonJames configuration in our customer environment has a custom value which is similar to hash value and I have used that and it did work.
We are getting some false positive but very less where the event says Match Count = 0 and still trigger events (Not sure why so have opened an incident with McAfee).
 
For Email/PDF, you can use the boldonjames value (which we have used in the custom property above) as Keyword with separate classification and that works well with DLP protection rule. 
 
I will post an update once hear anything from McAfee. And if you are getting any info/resolution then please do let us know.
 
Thank you.
 
Highlighted

Re: McAfee DLP with Boldon James Classification

Hi,

thanks for your advice.

I have tried how you said and it's working ok for now .

Is there any news from McAfee when will this working well with Boldon James , out of the box ... ?

Highlighted

Re: McAfee DLP with Boldon James Classification

That's great.

Still exchanging logs are going on but no resolution. I will post an update once I have clear answer from McAfee.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community