cancel
Showing results for 
Search instead for 
Did you mean: 

How to use Manual Classification in DLP Endpoint

How to use Manual Classification in DLP Endpoint

Introduction

Hello and welcome to this document on how to use Manual Classifications in DLP Endpoint.

Manual Classification allow users to classify unstructured data by themselves without relying on regular expressions or dictionaries, or they can be used in conjunction with them.

By classifying data when it’s created, this can help increase the efficacy of McAfee DLP and decrease the potential that sensitive data is leaked.

Okay, great, let’s get started.

Video


Configuring Manual Classification

Our first step is to set up our Classifications. Go to Menu > Classifications

01.png

Now, click on the Manual Classification tab.

02.png

Here, we can create new classifications. Let’s create a new classification with the New Classification button. I’m going to create a new classification called “Top Secret

03.png

I’ll want to add users that will be able to use this manual classification. I can Allow Everyone to classify files or I can select specific end user groups with the Select End-User Groups option. For now, I’m just going to select Allow Everyone.

04.png

I’m also going to create a “Public” classification and Allow Everyone to use this as well. This classification will allow the users to classify a file that has fewer restrictions.

Next, using the View dropdown near the top left, I’m going to select “General Settings”.

05.png

Here, we have several options for our classifications. I’m going to enable the option to “Force end user to classify file if the file was never classified before.” This will ensure that your users review the classification of the file before saving it. Make sure to save your configuration in the bottom right.

06.png

Our next step is to add our Top Secret classification to a Rule Set.

Go to Menu > DLP Policy Manager

07.png

Now, create a new Rule Set with Actions > New Rule Set and call it Top Secret Rule Set.

08.png

09.png

Select the Top Secret Rule Set from your list of rules.

10.png

In this rule set, I’m going to add a Cloud Protection Rule with Actions > New Rule > Cloud Protection

10a.png

I'm going to name it Top Secret Cloud Protection Rule. I'm also going to Enable it, and set Top Secret as the classification with the three dots next to Classification. I’m also going to select all of the cloud services and then save it.

11.png

In the reactions, I’m going to set the Action as Block, setup a user notification with the Default Cloud Notification, and check the box next to Report Incident.

12.png

I can now just save the Rule Set by clicking Save and then move to the previous screen with Close.

13.png

Finally, I’m going to assign the policy under the Policy Assignment tab.

14.png

Go to Actions > Assign Rule Sets to a policy and assign the Top Secret Rule set to the DLP policy that is assigned to your system in the ePO system tree (it's My Default DLP Policy in my environment).

15.png

16.png

Next, I’m going to go to Actions > Apply Selected Policies and select the DLP policy that was set to your system (as above, it's My Default DLP Policy)

17.png

18.png

Great, now our Manual Classification Policy is configured. Let’s just do an Agent Wake Up to get the policy onto the client.

19.png

Using Manual Classification

Moving to the client system, I’m going to open up Microsoft Word. Here we can see a new Manual Classification button on the HOME ribbon in Word. I can click on it and assign a classification to the document directly, but I’m just going to leave that alone for now and instead just save my document.

20.png

When I go to save my document, it will pop up a dialog box and I have the option to provide a classification. I’m going to select Top Secret and save the file. This box comes up since I had checked the box for "Force end user to classify file if the file was never classified before."

23.png

Now that the file is classified as Top Secret, I’m going to try to transfer it to my cloud storage on Microsoft OneDrive. When I try to move it, my Cloud Protection Policy will prevent the file from being transferred since I have the Cloud Protection Rule that prevents files classified as Top Secret from being copied to cloud services.

24.png

One important thing to note is that if I try to move the file, it will put the file into quarantine and it will no longer show up on the desktop. It may look like the file is gone but it’s just now in the local DLP quarantine directory. This won’t be an issue if the file is copied.

When I open the text file, it’ll provide me the path to the quarantine directory. I’m just going to go ahead and retrieve my file and put it back on the desktop.

25.png

I also have the ability to classify the file with the contextual menu in Windows Explorer. When I right click on a supported file, I can select Data Protection > Classify File.

26.png

Now it will open up the Manual Classification menu and I can change its classification. I’m just going to select the first radio button to mark the file as NOT CLASSIFIED.

27.png

After I modify the file, I can now move it successfully to my cloud service since it is no longer classified as Top Secret.

28.png

As we can see, Manual Classifications are a powerful tool for users to classify file with unstructured data types. Since users often times have the best knowledge of what to classify their data as, this provides them an easy way to control how data is classified within your organization.

Labels (1)
Comments
jmazzeo07

Excellent DOC.

The manual classification is a great add to the DLP platform.

Is possible to have in ePO one report, or a summary of the files manually classified by the users? Ordered by classification, how much files on each classification, how much files each user has classified, etc.

Regards

mm181

i need to be able to manually classify a text file , but the .txt files do not have this right-click data protection option enabled . How can i enable it ?

Version history
Revision #:
1 of 1
Last update:
‎07-14-2016 07:50 AM
Updated by: