Network Share Protection - Block all SMB when not connected to company network
We would like to block all SMB traffic on our endpoints while they are not connected to the company network. Is it possible for DLP to detect whether the endpoint is connected to the domain? I do not see any option in the network share protection rule template.
Re: Network Share Protection - Block all SMB when not connected to company network
On the endpoint, right-click McAfee Agent > McAfee Agent Status Monitor > Manage Features > DLP Endpoint Console > About. You will see there is a "Corporate Connectivity" feature, which is used by DLP to determine if the client machine is connected to the corporate network or not. By default DLP will perform some kind of DNS queries to your ePO server; if the DNS lookup is done successfully, then DLP Corporation Connectivity status will be "Connected to Corporate Network".
Meanwhile, in DLP Policy Manager > your rule set > your Network Share Protection rule > Reaction > Computer disconnected from the corporate network, you can determine whether to use the same reaction or not if the computer is disconnected from the corporate network.
And again, it's not possible to BLOCK it; you can only MONITOR it by using a Network Share Protection rule.