Dear McAfee Support Community Members,
We have problems with setting up of monitoring process of file upload events in web.telegram.org
Windows 7 64x
Mozilla Firefox 80.0.1
Google Chrome 126.96.36.199.102
McAfee Agent 5.6.3
McAfee DLP 188.8.131.52
Objective: To monitor all file upload events in web.telegram.org in Mozilla Firefox, IE 11, Google Chrome
For this purpose we created The Web Post Protection Rule, which contains:
Classification is one of (OR) allowed file extensions (docx, zip, txt and etc.)
and End-User belongs to ActiveDirectory-telegram-users gorup
and Web address (URL) is one of (OR) allowed telegram URLs
and Uplode type is any data upload (ALL)
We have tested this rule in three different browsers and results were surprising: DLP couldn't catch any event in Firefox and IE 11 (There wasn't any event in DLP Incident Manager), with Google Chorme McAfee DLP worked as expected.
But According to McAfee DLP Administrative guide Web Post Protection Rule is supported in all listed above browsers.
So how can we mitigate this issue? Should we use some kind of patch or something?
Please, provide the solution or direction.
Hello and thank you for posting here!
Telegram uses end-to-end encryption. With that, it is likely you are running into the limitation that can also be seen with WhatsApp. This is described in further detail in KB92449. As a workaround, you may want to consider using an Application File Access Protection rule to block the file uploads or a Web Application Control rule to block access to the Telegram web interface.
Thank you for your reply.😀
But how come does McAfee DLP Endpoint work with Chrome+WebTelegram? I mean all file uploads in Chrome are registered successfully and i can see file content in DLP Incident Manager.
We have tested Application File Access Protection Rule - the results are also unexpected: DLP+Firefox+WebTelegram=no events, DLP+IE11+WebTelegram=events with side files, DLP+Chrome+WebTelegram=events with side files.
I am going to try Web Application Control rule to monitor file uploads - i will inform back about results.
Web Application Control Rule doesn't match the objective to only monitor file uploads. it hasn't settings in "Reaction" settings page like Action=NoAction, the rule allows only to block ☹️