
negation rules comes first?

Hello,

I have a dumb question, but it is bothering me a lot.

I'm creating some rules and created a rule that blocks every upload to any HTTP/HTTPS address.

But I also have a rule that allows content to be uploaded to a certain fileshare on the web.

My question is: Will the negation rule cancel the rule allowing upload to my fileshare? Or does ePO understand that only files uploaded to the fileshare are allowed and any other address needs to be blocked?

 

Thanks in advance

7 Replies
McAfee Employee
Message 2 of 8

Re: negation rules comes first?

I am not sure if the query is related to ePO or some other products like ENS, Host DLP.


Re: negation rules comes first?

Hello,

It is about ePO.

 

What I'm trying to say is: I have created two Web Protection Rules, the first one is to Deny every upload to any HTTP/HTTPS service.

The second one is to allow uploads only to the Ariba and Salesforce websites.

I'm wondering if the first rule will deny the second one.

Or will I need to create only one rule to block every upload to HTTP/HTTPS and, in the same rule, set uploads to Ariba and Salesforce as an exception for it to work?

 

Thanks in advance

McAfee Employee
Message 4 of 8

Re: negation rules comes first?

Any firewall rules, including web rules, are parsed in a top down manner.  So if a deny rule is first, it will deny the traffic and ignore the allow.  You must put all allow rules first, then deny rules after them.


Re: negation rules comes first?

Hello cdinet,

Thanks for your response.

So, this applies even on ePO, right?

I'm doing some modifications at My Default DLP Policy and applying some rule sets with Web Protection rules to block any files being uploaded to any HTTP address.

I'm going to test other settings here based on your answer and post my results here as soon as possible.

Thanks!

McAfee Employee
Message 6 of 8

Re: negation rules comes first?

If these are dlp rules, you might want to check with dlp team, as I am not sure how their rules are handled.  I will move this over to that team.


Re: negation rules comes first?

Ok, thanks for moving this topic.

I'll wait for some response.

McAfee Employee
Message 8 of 8

Re: negation rules comes first?

Hi @RaphaAlmeida ,

Thank you for writing in here.

Kindly note that if you create two rules, one to block and one to allow the uploads (basically called monitoring), and both these rules have been applied to the Policy, then the block rule will take precedence.

So if you want to have exclusions for certain URLs, kindly add the URLs in the Exception tab of the block rule.

 

Thank you.

Regards,
Jithendran S
McAfee Employee
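
The two precedence models described in this thread (top-down first match for firewall rules, and block-takes-precedence with per-rule exceptions for DLP web protection rules) can be compared side by side. This is an added example, not part of the original posts and not McAfee code: it is a simplified model, and the hostnames, function names and the default-allow behaviour are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: placeholder hostnames, not real tenant URLs.
ALLOWED_HOSTS = {"ariba.example", "salesforce.example"}
UPLOADS = [
    "https://ariba.example/upload",
    "https://salesforce.example/files",
    "http://paste.example/new",
]

def host(url):
    return urlsplit(url).hostname

def any_web(url):
    """Matcher for 'any HTTP/HTTPS address'."""
    return urlsplit(url).scheme in ("http", "https")

def to_allowed(url):
    """Matcher for the approved upload destinations."""
    return host(url) in ALLOWED_HOSTS

def first_match(rules, url):
    """Top-down model: the first rule whose matcher hits decides the action."""
    for action, matches in rules:
        if matches(url):
            return action
    return "allow"  # assumed default when no rule matches

def block_precedence(rules, url):
    """Block-wins model: a matching block rule applies regardless of any
    allow rule, unless the destination is in that block rule's exceptions."""
    for action, matches, exceptions in rules:
        if action == "block" and matches(url) and host(url) not in exceptions:
            return "block"
    return "allow"  # assumed default when no block rule applies

def evaluate_all():
    """Return the per-upload verdicts for each configuration discussed."""
    deny_first = [("block", any_web), ("allow", to_allowed)]
    allow_first = [("allow", to_allowed), ("block", any_web)]
    two_rules = [("block", any_web, set()), ("allow", to_allowed, set())]
    one_rule = [("block", any_web, ALLOWED_HOSTS)]
    return {
        "first-match, deny first": [first_match(deny_first, u) for u in UPLOADS],
        "first-match, allow first": [first_match(allow_first, u) for u in UPLOADS],
        "block-wins, separate allow rule": [block_precedence(two_rules, u) for u in UPLOADS],
        "block-wins, exceptions on block rule": [block_precedence(one_rule, u) for u in UPLOADS],
    }

if __name__ == "__main__":
    for name, verdicts in evaluate_all().items():
        print(f"{name}: {verdicts}")
```

Under the block-wins model, a separate allow rule changes nothing; only the exception list on the block rule lets the approved destinations through.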