Level 7

Some questions in DLP device control


I am currently testing McAfee DLP for device control and I have a few questions regarding this.

1. The DLP agent always reports online events, but no offline events are reported in DLP monitor, even when I set online/offline or offline-only conditions in the DLP rules.

   How do I monitor offline events in DLP monitor?

2. In the DLP user manual, the third step of creating device rules (selecting the user group bound to the DLP rules) is shown as "optional".

   But the DLP rules will not be processed if you have not selected a user group bound to the rules.

3. The DLP agent needs the released key to be entered, but in our DLP in ePO the "released key selection" is grayed out and cannot be selected. We do not know why.

   The other two DLP selections, such as recover or uninstall, are black and can be used.

4. Do DLP rules have a sequence or priority levels? If we put several rules onto one computer, in what sequence will the DLP agent process the rules?

5. We want to permit only one kind of USB key and deny all others.

   How do we make the device definitions and rules?

   (Make a definition for this kind of USB key and set two rules: include this definition, monitor; exclude this definition, block?

   I have tested this configuration but it failed.)

   Could somebody tell me how to implement it?

6. Please tell me the detailed configuration to test an "exclude" definition rule.

Thank you very much.

4 Replies
Level 11

Re: Some questions in DLP device control

It seems you need a McAfee DLP expert onsite to address all your queries and to show how rules work (POC)

- AB

Level 7

Re: Some questions in DLP device control


Sorry for my many questions.

I was not familiar with McAfee and DLP before.

Please answer with a simple key description; that would help me a lot.

I am familiar with DLP configuration now, but the things in the questions under discussion could not be implemented.

For example:

You can just tell me:

Device definition -- which bus to select? -- VID/PID to select and input.

Device rules -- step 1: select definition, include/exclude?; step 2: block and notify, online/offline?; step 3: user group.

Please help me, DLP experts in the community.

Thank you ! 

Level 11

Re: Some questions in DLP device control

If you want to exclude specific USB devices, then you have to create a separate definition using PID/VID or serial number. Then you include all USB and exclude the one you want to allow.

Let me know your rule summary if you have already created one!

- AB

Level 13

Re: Some questions in DLP device control

1. Make sure devices with offline events have uploaded all events.

2. User group binding is optional only if you are going to use Computer based assignment.

3. Check the ePO Permission Sets for the currently logged in user. Ensure the Agent Override password has been set.

4. The most restrictive rule will be applied.

Like AB mentioned, McAfee Professional Services will be a good option for you.

