cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Highlighted
CobhamDLPAdmin
CobhamDLPAdmin
Level 8
Report Inappropriate Content
Message 1 of 1
‎06-25-2019 01:25 PM

Whitelist/Exclude Incoming copy direction in Removable Storage Protection rules

McAfee SR#: 4-20015799251

I have an issue reported by an employee where they are copying files from an approved Removable Storage USB device to a network file share mapped as a drive. 

We have a Removable Storage Protection rule to look for data copied in the OUTGOING direction only. The Incoming copy direction is not selected in either of the 3 rules we have configured. 

When copying, the time jumps from 2 minutes to 32 minutes and the notification "Please wait while DLP analyzes your data" causing an unnecessary performance degrade when copying files TO a system.  

I have even gone so far as to set an exception for the Incoming copy direction for the classification I have configured in the rule. It does not allow for Any Data All, Any User All, and Any Application All. It requires at least one value not be set to ALL. 

I was informed by McAfee Support who was advised by Advanced Support that even without the Incoming copy direction selected, that it is "working as designed and to submit a PER which seems a bit ridiculous. If I don't select "Incoming - Copy to local drive" then I wouldn't expect that it would analyze any "Incoming" data being copied (which also seems a bit ridiculous since the product is "Data Loss" not "Data Gain" prevention). 

The only way to prevent this is to turn off the Advanced file copy protection Module in the Windows Client Configuration policy which disables the sandbox and defeats the purpose of having Outgoing protection since it then analyzes data After it's copied to removable storage which can easily be unplugged once the file copy operation is completed. 

Suggestion: Enable the Module to Not analyze files when the Incoming copy direction is not selected and/or enable the ability to select ALL within an exception for the Incoming copy direction, and/or just remove analyzing Incoming altogether since it defeats the purpose of the product in the first place. 

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC