Hello and welcome to this document on how to use Manual Classifications in DLP Endpoint.
Manual Classification allows users to classify unstructured data themselves without relying on regular expressions or dictionaries, or it can be used in conjunction with them.
Classifying data when it’s created can help increase the efficacy of McAfee DLP and decrease the potential that sensitive data is leaked.
Okay, great, let’s get started.
Configuring Manual Classification
Our first step is to set up our Classifications. Go to Menu > Classifications.
Now, click on the Manual Classification tab.
Here, we can create new classifications. Let’s create a new classification with the New Classification button. I’m going to create a new classification called “Top Secret”.
I’ll want to add users that will be able to use this manual classification. I can Allow Everyone to classify files or I can select specific end user groups with the Select End-User Groups option. For now, I’m just going to select Allow Everyone.
I’m also going to create a “Public” classification and Allow Everyone to use this as well. This classification will allow the users to classify a file that has fewer restrictions.
Next, using the View dropdown near the top left, I’m going to select “General Settings”.
Here, we have several options for our classifications. I’m going to enable the option to “Force end user to classify file if the file was never classified before.” This will ensure that your users review the classification of the file before saving it. Make sure to save your configuration in the bottom right.
Our next step is to add our Top Secret classification to a Rule Set.
Go to Menu > DLP Policy Manager.
Now, create a new Rule Set with Actions > New Rule Set and call it Top Secret Rule Set.
Select the Top Secret Rule Set from your list of rules.
In this rule set, I’m going to add a Cloud Protection Rule with Actions > New Rule > Cloud Protection.
I'm going to name it Top Secret Cloud Protection Rule. I'm also going to Enable it, and set Top Secret as the classification with the three dots next to Classification. I’m also going to select all of the cloud services and then save it.
In the reactions, I’m going to set the Action as Block, set up a user notification with the Default Cloud Notification, and check the box next to Report Incident.
I can now just save the Rule Set by clicking Save and then move to the previous screen with Close.
Finally, I’m going to assign the policy under the Policy Assignment tab.
Go to Actions > Assign Rule Sets to a policy and assign the Top Secret Rule Set to the DLP policy that is assigned to your system in the ePO system tree (it's My Default DLP Policy in my environment).
Next, I’m going to go to Actions > Apply Selected Policies and select the DLP policy that is assigned to your system (as above, it's My Default DLP Policy).
Great, now our Manual Classification Policy is configured. Let’s just do an Agent Wake Up to get the policy onto the client.
Using Manual Classification
Moving to the client system, I’m going to open up Microsoft Word. Here we can see a new Manual Classification button on the HOME ribbon in Word. I can click on it and assign a classification to the document directly, but I’m just going to leave that alone for now and instead just save my document.
When I go to save my document, it will pop up a dialog box and I have the option to provide a classification. I’m going to select Top Secret and save the file. This box comes up since I had checked the box for "Force end user to classify file if the file was never classified before."
Now that the file is classified as Top Secret, I’m going to try to transfer it to my cloud storage on Microsoft OneDrive. When I try to move it, my Cloud Protection Rule will prevent the file from being transferred, since it prevents files classified as Top Secret from being copied to cloud services.
One important thing to note is that if I try to move the file, it will put the file into quarantine and it will no longer show up on the desktop. It may look like the file is gone but it’s just now in the local DLP quarantine directory. This won’t be an issue if the file is copied.
When I open the text file, it’ll provide me the path to the quarantine directory. I’m just going to go ahead and retrieve my file and put it back on the desktop.
I also have the ability to classify the file with the contextual menu in Windows Explorer. When I right click on a supported file, I can select Data Protection > Classify File.
Now it will open up the Manual Classification menu and I can change its classification. I’m just going to select the first radio button to mark the file as NOT CLASSIFIED.
After I modify the file, I can now move it successfully to my cloud service since it is no longer classified as Top Secret.
As we can see, Manual Classifications are a powerful tool for users to classify files with unstructured data types. Since users often have the best knowledge of what to classify their data as, this provides them an easy way to control how data is classified within your organization.