cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 3

Question regarding registered documents

Jump to solution

Hello,

I tried to find an answer to this into the documentation, but the description there seems to be vague. 

Could someone explain which attributes is DLP using to compare registered documents? Is it using file hash, or content of the actual document? 

For example if I upload a Word template as a registered document, and then a person downloads this template and fills in the blanks (effectively changing the document), would this document still match the classification of the registered document?

Thank you in advance!

Was my reply helpful? If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Question regarding registered documents

Jump to solution

Ufoto,

When you create a package, the signatures are loaded to the McAfee ePO database to be distributed to all
endpoint workstations. The McAfee DLP Endpoint client on the managed computers controls the distribution of
documents containing registered content fragments.

When a new file is uploaded (using “File Upload” button) the DLP extension copies the file into a local folder on the ePO machine (under C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\extensions\installed\UDLPSRVR2013\RegisterDocuments) and runs DataCompilerWrapper.exe (under the DLP extension installation folder) which extracts the text from the file (using the DLP text extractor process) and creates signatures from the text. The result signatures are written to a .dat file in a folder next to the original file in the ePO machine.

On the endpoint machine, upon every ASCI the DLP service searches in the RegDocs folder for an updated RegDocsDB. If it finds an updated file, it copies to the following location on the endpoint machine:
C:\ProgramData\McAfee\DLP\Agent\IncrementalData\RegDocsDB.dat
The DLP service then reads the RegDocsDB and updates its internal structures with the new Register Documents signatures and classifications. The DLP agents read the updated signatures from the DLP service memory (the check to see if the signatures got changed in the DLP service memory is done every 60 seconds).


I hope this helps.


Thanks

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

2 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Question regarding registered documents

Jump to solution

Ufoto,

When you create a package, the signatures are loaded to the McAfee ePO database to be distributed to all
endpoint workstations. The McAfee DLP Endpoint client on the managed computers controls the distribution of
documents containing registered content fragments.

When a new file is uploaded (using “File Upload” button) the DLP extension copies the file into a local folder on the ePO machine (under C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\extensions\installed\UDLPSRVR2013\RegisterDocuments) and runs DataCompilerWrapper.exe (under the DLP extension installation folder) which extracts the text from the file (using the DLP text extractor process) and creates signatures from the text. The result signatures are written to a .dat file in a folder next to the original file in the ePO machine.

On the endpoint machine, upon every ASCI the DLP service searches in the RegDocs folder for an updated RegDocsDB. If it finds an updated file, it copies to the following location on the endpoint machine:
C:\ProgramData\McAfee\DLP\Agent\IncrementalData\RegDocsDB.dat
The DLP service then reads the RegDocsDB and updates its internal structures with the new Register Documents signatures and classifications. The DLP agents read the updated signatures from the DLP service memory (the check to see if the signatures got changed in the DLP service memory is done every 60 seconds).


I hope this helps.


Thanks

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: Question regarding registered documents

Jump to solution

Thank you for the detailed explanation 🙂

Was my reply helpful? If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community