I have some question about DLP rules. Is it possible to block running certain type of application through DLP rules. In our company we have a number of production PC, which we will want to prevent from running exe files (excuding only necessary apps). This files will be stored on network locations or local hard disks. Is it possible to do it through DLP rules policy? What kind of rule we need to deploy?
Appreciate your help in advance
Preventing applications from reading/writing is not in the endpoint DLP capabilities at this time.
You could always use application whitelisting using HIPS or Solidcore functionality
Keithdrone is correct. The McAfee Application Control (solidcore) would be better suited to performing this action. DLP has limited function for data execution prevention for removable storage. App control was designed to fit your needs.
Looks like McAfee doesn't have any roadmaps for blocking opening or saving of matched data via DLP, but other solutions do - if this is a requirement for your organization you may wish to re-visit your Data Classification Standard and how you respond to triggered events through applications.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center