
Network Share Protection - Block all SMB when not connected to company network

Dear All, 

we would like to block all SMB traffic on our endpoints while they are not connected to the company network. Is it possible for DLP to detect whether the endpoint is connected to the domain? I do not see any option in the network share protection rule template.

Thank you very much and kind regards,

FA1

2 Replies

Re: Network Share Protection - Block all SMB when not connected to company network

On the endpoint, right-click McAfee Agent > McAfee Agent Status Monitor > Manage Features > DLP Endpoint Console > About. You will see there is a "Corporate Connectivity" feature, which is used by DLP to determine if the client machine is connected to the corporate network or not. By default DLP will perform some kind of DNS queries to your ePO server; if the DNS lookup is done successfully, then the DLP Corporate Connectivity status will be "Connected to Corporate Network".

Meanwhile, in DLP Policy Manager > your rule set > your Network Share Protection rule > Reaction > Computer disconnected from the corporate network, you can determine whether to use the same reaction or not if the computer is disconnected from the corporate network.

And again, it's not possible to BLOCK it; you can only MONITOR it by using a Network Share Protection rule.


Re: Network Share Protection - Block all SMB when not connected to company network

Hi @FA1,

DLP can detect whether the endpoint is connected to the domain (corporate network) or not (not connected to the corporate network).

So when your machine is not connected to the corporate network, the DLP endpoint console will show you the details below:

[Screenshot: corporate.PNG]

You can set the DLP rule to take actions when the DLP endpoint console shows "Not Connected to Corporate Network" using the rule's Reaction tab, as below:

[Screenshot: NSP action.PNG]

Note: A DLP Network Share Protection rule can only monitor the data transferred to the network share paths and cannot block the network share itself.

Thank you.

Regards,
Jithendran S
McAfee Employee