Hi all !
I am working on McAfee Host Data Loss Prevention 9.0
Most of the protection rules work fine but I have a problem.
In fact I want to configure now a protection rule that can block files copying from a shared folder to all users computer.
I need your help !
Thank you in advance !
This is what every HDLP user want I beleived.
Unfortunately, I asked mcafee support few months ago, it is not able to control this part up to latest 9.1 version.
It would be nice if DLP would do this, but surely you can sort this out using your own security policies within your environment. If not then maybe a re-think on why users are allowed to do this in the first place.
Note that HDLP is used to prevent Data Leakage to untrusted/external locations. Any data transmision inside your local network is considered as trusted and we dont block it as its not a data leakage. Basically it's all about what is 'going out' of your end-user systems, not about whats 'coming in'.
You can create a location based tagging rule for the data on the share. If the data is downloaded it'll be tagged and then you can create protection rules for the data.
Blocking incoming traffic isn't a function of DLP but protecting that data when it is copied down is exactly what DLP was designed to do.
There is a feature in McAfee AV that is for controlling Virus Outbreaks.
Under Access Protection, you can add
and, you could exempt some specific processes if necessary.
but you usually need some access to something like sysvol for GPO's, I think.- not sure if this would affect it though.
I think a better approach would be to use Shareenum.exe to scan your network for shares and then start cutting them down. - also, remove the ability of anyone except the Sys Admins to create shares, and use something like shradm.exe tool from Microsoft to strip off Everyone permissions. Sys Ads would have to do some work to create security groups to ensure users have access.