cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
keithdrone
Level 10
Report Inappropriate Content
Message 1 of 2

Notification of major bypass flaw with DLP, allows users to easily bypass controls

This is to let other users of McAfee Host DLP know about a bug/issue within Host DLP (tested in 9.3 and 9.3 patch1).

The text-extractor has a built in time-out value of 30 seconds before 'releasing' the file along its way regardless of the intended policy response.   

This means, if your users are sending large files (Excel files are very susceptible for obvious reasons) to email, or USB, and the scan takes more than 30 seconds the file goes along its way regardless of whether its protected or not.

Additionally, the 'intended' action (such as block, or require justification) is still logged.   So if your EPO shows that 1,000 credit card numbers were blocked, this may not be accurate.

I've put in a PER request for the ability to customize this timeout value, and to ensure that the end user is not notified incorrectly (such as requiring justification, the user could click 'cancel' and beleive they have NOT sent/copied the file but actually they have and the logs show it was blocked though it was not).   I've also been working with support to request an updated version/hotfix/whatever for a customized value. 

While 30 seconds may seem excessive to worry about, consider that scan time increases on slower systems or systems with other CPU processes running.  Additionally, files such as DataBases that could contain data required to be blocked/inspected could definately pass the timeout.

1 Reply
vimalnavis
Level 13
Report Inappropriate Content
Message 2 of 2

Re: Notification of major bypass flaw with DLP, allows users to easily bypass controls

Thank you for submitting the PER. It eventually comes down to Security vs. Usability (w.r.t. performance) for any security product.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community