cancel
Showing results for 
Search instead for 
Did you mean: 
Superhoop
Level 9

McAfee Device Control 9.1 on VDI machines.

Hello,

We have a requirement to use McAfee DLP on our Virtual Estate. They have USB functionality in the form of a USB hub.

We already have it successfully installed across the estate so I know the policy works fine.

For dedicated VDI desktops DLP works as expected. For Pooled it does not.

  • Pooled Desktops – Users are randomly allocated a fresh Virtual Machine (Read Only) upon each logon. 
  • Dedicated Desktop – Users are assigned to the same Virtual Desktop (Read/Write) each time they logon.

Does anyone know if DLP SHOULD be able to work here on pooled VDI's?

Thanks

Superhoop.

0 Kudos
5 Replies
tonyw
Level 12

Re: McAfee Device Control 9.1 on VDI machines.

Could you expand on how DLP is not working for the Pooled vs the Dedicated Desktops?

0 Kudos
Superhoop
Level 9

Re: McAfee Device Control 9.1 on VDI machines.

Sorry, of course.

I have a basic rule to block removeable storage. I also have a rule to monitor plug n play at the moment and removabel storage for the domain these VDI's are on.

Pooled VDI's do not generate any events of any type and all devices can be used..

These VDI's use a USB hub called '52 Technology Link'.

With the dedicated VDI's the removeable storage devcies are blocks and plug n plug detected.

Thanks

0 Kudos
tonyw
Level 12

Re: McAfee Device Control 9.1 on VDI machines.

The times I've come across the situation in the past, the VM isn't mounting the drive as a true removable storage device.

With a simple PNP monitor rule for USB and no other definition, does it trigger?

What do the plugged devices show up as when using a program like usbdeview?

0 Kudos
Superhoop
Level 9

Re: McAfee Device Control 9.1 on VDI machines.

PNP monitor rules do not trigger at all.

I will test usbdeview when I am on site.

Is what I am trying to do even supported ?

Thanks

0 Kudos
tonyw
Level 12

Re: McAfee Device Control 9.1 on VDI machines.

https://kc.mcafee.com/corporate/index?page=content&id=KB59849

It boils down again to how the VM is mounting the drives.  If it's mounting in a way that DLP should be able to recognize it, DLP should be able to take action against it.

0 Kudos