cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Grigoriy
Level 9
Report Inappropriate Content
Message 1 of 4

Web Post Protection Rule does't support Mozilla Firefox and IE11?

Hello
Dear McAfee Support Community Members,

We have problems with setting up of monitoring process of file upload events in web.telegram.org

System Configuration:
Windows 7 64x
Mozilla Firefox 80.0.1
Google Chrome 85.0.41.83.102
IE 11.0.20
McAfee Agent 5.6.3
McAfee DLP 11.4.200.182

Objective: To monitor all file upload events in web.telegram.org in Mozilla Firefox, IE 11, Google Chrome

For this purpose we created The Web Post Protection Rule, which contains:

Condition:
Classification is one of (OR) allowed file extensions (docx, zip, txt and etc.)
and End-User belongs to ActiveDirectory-telegram-users gorup
and Web address (URL) is one of (OR) allowed telegram URLs
and Uplode type is any data upload (ALL)

Excpetions: none

Reaction:
Action=No Action

We have tested this rule in three different browsers and results were surprising: DLP couldn't catch any event in Firefox and IE 11 (There wasn't any event in DLP Incident Manager), with Google Chorme McAfee DLP worked as expected.

But According to McAfee DLP Administrative guide Web Post Protection Rule is supported in all listed above browsers.

So how can we mitigate this issue? Should we use some kind of patch or something?
Please, provide the solution or direction.
Thank you!

3 Replies
Corey-DLP
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Web Post Protection Rule does't support Mozilla Firefox and IE11?

Hello and thank you for posting here!

Telegram uses end-to-end encryption. With that, it is likely you are running into the limitation that can also be seen with WhatsApp. This is described in further detail in KB92449. As a workaround, you may want to consider using an Application File Access Protection rule to block the file uploads or a Web Application Control rule to block access to the Telegram web interface. 

Grigoriy
Level 9
Report Inappropriate Content
Message 3 of 4

Re: Web Post Protection Rule does't support Mozilla Firefox and IE11?

Thank you for your reply.😀

But how come does McAfee DLP Endpoint work with Chrome+WebTelegram? I mean all file uploads in Chrome are registered successfully and i can see file content in DLP Incident Manager.

We have tested Application File Access Protection Rule - the results are also unexpected: DLP+Firefox+WebTelegram=no events, DLP+IE11+WebTelegram=events with side files, DLP+Chrome+WebTelegram=events with side files.

I am going to try Web Application Control rule to monitor file uploads - i will inform back about results.

Grigoriy
Level 9
Report Inappropriate Content
Message 4 of 4

Re: Web Post Protection Rule does't support Mozilla Firefox and IE11?

Web Application Control Rule doesn't match the objective to only monitor file uploads. it hasn't settings in "Reaction" settings page like Action=NoAction, the rule allows only to block ☹️

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community