
NCPR blocks Skype completely

Here is the scenario which I have with DLP. Does anybody know what is going on with this new release?

The complete application (Skype) itself was blocked.

Remoted in and found that NCPR was blocking all the traffic from and to Skype.

The rule was set with no restriction and with one tag included; the tagging rule was set for all kinds of files (no restrictions).

Found many incidents in the incident manager as the rule is triggered with the applied tag.

Edited the tagging rule with only certain file types and rebooted the machine; now able to log in to Skype and the tagged files are blocked as well.

But once a file is blocked by DLP, Skype is not able to connect back; I was informed that once DLP blocks a data flow, DLP hooks that particular process, which needs to be restarted to continue working.

Restarted the application; but still the same.

Rebooted the client; Skype is not accessible and DLP still generates events.

I confirmed that the same rule, when applied on a fresh client machine, gives the same result.

That is, the application Skype is completely blocked by DLP, even when no attachments are sent.

Activated DLP Agent Bypass and Skype was able to connect to the network and got disconnected soon after the Bypass time expired.

<<I already collected the log and it is possible to share it, depending on replies.>>

1 Solution

Accepted Solutions
Re: NCPR blocks Skype completely

Thanks for the comment.

Just for additional info:

1. If you want to block all types of attachments over IM, it will block the program, not drop the attachment.

2. For blocking the attachments you can use it by mentioning the types of files specified.

Note: 2* : It will block the program while attaching the file, and if you want to revive the program, you have to cancel the file transfer first, then quit and start the program again.

Enjoy.

M. B. M

3 Replies

Re: NCPR blocks Skype completely

This rule is blocking the file, not the functions run on it.

palex

Re: NCPR blocks Skype completely

Hi, M Bagheryan M!

If you are talking about the Network Communication Protection Rule, I can say the following:

If you set the blocking function for the network connection, then when the rule protecting the network connection is triggered, the connection is blocked until the blocked application (program) finishes its work.

This is a feature of DLP Endpoint, and here we cannot do anything. If you want, we can make a request for revision, because I, like a lot of others, am not satisfied with it.

About blocking Skype: Most likely you have incorrectly set the self protection rule:
1. Skype creates a bunch of network connections. For example, if you block it from sending messages, it will send a bunch of messages on different network ports: first on 443, then on 43HHH, 33033 and so on.
2. These connections are generated every second (on average), so if you block the network connection, you will "drown" in a large number of messages on the DLP console.

I can suggest a few options:
1. Monitor the sending and receiving of files over AFAPR.
2. Copy the entire Skype database when you run Skype on the endpoint computer, and then search the database by hand with the help of other programs.

If you want to talk on this subject, write to me.
