cancel
Showing results for 
Search instead for 
Did you mean: 
mcafeebolscz
Level 7

EEFF not working in test ?

Hi everyone.

I am doing some test with EEFF 4.0. I'm using EPO 4.6.0. We have a domain and about 100 managed system. Most of them already have VSE, SiteAdvisor, DLP Endpoint deployed.

We have valious information in .doc documents; some workers sent files to cloud (like OneDrive) just for working at home and we want prevent people can open that info (in home laptops or PC's), unless they use office laptop we provide them.

For testing, i deployed EEFF 4.0 on a Windows 7 32x SP1 laptop and I modified "MyDefault" policies for :

Grant Keys (I create a key and assign that to Grant Key policy)

File Encryption (I associate process winword.exe and explorer.exe to ".doc" and ".docx" file extensions to be encrypted with the same key that I assign to Grant Keys)

Folder Encryption ( I assign a Decrypt key for [Desktop] folder. Just for test.

With Grant Keys and File Encryption i hope Mcafee EEFF could encrypt all files with extension that I associate and if one or more of them is sent, copied or transferred by any way to a non-office computer, it wouldn't be accesible because that computer haven't the key.

Is this all ok? That is the way it should work?

I am asking because that is what i am trying to do and it is not working. When i open a folder in office laptop, i see the files are encrypted (they have paidlock icon visible) but when i send them or copy by any vía, I can open it and view in any other computer and it don't appear encrypted.

Is something I am doing wrong?

Thanks in advance,

CDR

0 Kudos
15 Replies
SafeBoot
Level 21

Re: EEFF not working in test ?

sounds like it's working fine.

remember, if you do something which reads a file, you need the key to decrypt it, but if you read a file, then output it in some other format the chances are you will loose the encryption. EEFF can only trap file writes, so creating a file, copying a file with explorer etc, that will all preserve encryption. Emailing a file, creating a DVD, uploading it to the web etc are all things you need Host DLP to protect against. 

For example if you attach a file to an email - you didn't "copy" it to the recipient, you read it into an application and then converted it to a different format (MIME), so if you give outlook permission to read the file, you will lose the encryption.

If you share a drive on a computer running EEFF, then there won't be any protection on that share over the network because when the file system reads the file after a network request, that's no different to you sitting in front of the machine trying to open the file - it will get decrypted if the key is in memory.

computers sharing files should NOT have EEFF installed, only computers reading files.

mcafeebolscz
Level 7

Re: EEFF not working in test ?

Dear SafeBoot,

Now I understand. It's absolutely right. But then, I think I am using a wrong product to do what I want to do. Now my question is, how can I protect certain files so they can't be accessed from other computer except office computer? Some users send files to cloud and then download it for working from home. But we don't want that files be a data loss menace.

We are protecting some ways with DLP Endpoint like, prevent print-screen, prevent printing, prevent copied to Removable medias, and even prevent using clipboard; but, how can we allow they can send files to cloud (OneDrive, Dropbox, etc) for working from home, but not open or read in non-office computers or laptops from downloading from cloud, or received by e-mail?

Thanks in advance.

0 Kudos
tusharkotwal
Level 9

Re: EEFF not working in test ?

Create a firewall rule, rule type: Domain, at the top and enter the domain name like *dropbox.com. This will cause the firewall to drop any dns requests to that domain, effectively blocking it. also you can use the site advisor software  (ePO version) this software can block web sites.

0 Kudos
mcafeebolscz
Level 7

Re: EEFF not working in test ?

User must be able to reach Dropbox and/or use it. The objective is do not download confidential documentation to a computers or laptops that do not belong organization.
Thank you.

0 Kudos
eeffuser
Level 7

Re: EEFF not working in test ?

HDLP and likely Network Data Loss Prevention can allow you to block files from being uploaded to Dropbox and other cloud based storage. But you say you need to allow users to use these services. The only thing I see is if the files are encrypted with EEFF, even if they can download from non office computers, they will not be able to access the data, unless of course if they have access to the EEFF keys from the non office computers. Also be advised that unless a process is explicitly blocked, it will be able to automatically decrypt the file (internet explorer, ms office, etc)

Message was edited by: eeffuser on 3/10/14 10:12:15 PM CDT
0 Kudos
mcafeebolscz
Level 7

Re: EEFF not working in test ?

Dear eeffuser

Thank you for idea. In fact, that was exactly I was trying to do with EEFF. But i have done some test with sending by email and the files arrives to non office computers without encryption. That was explained by SafeBoot just here. So, i am confused.

If I have an encrypted ".doc" file and it is decrypted when it is posted to a webmail service (as Gmail), i think the same issue will hapen when users save that ".doc" files to Dropbox because they are uploaded and converted to other format. So, anyway, the file will arrive decrypted outside organization.

Please, any help?  I repost SafeBoot answer here down. Thank you.

SafeBoot escribió:

sounds like it's working fine.

remember, if you do something which reads a file, you need the key to decrypt it, but if you read a file, then output it in some other format the chances are you will loose the encryption. EEFF can only trap file writes, so creating a file, copying a file with explorer etc, that will all preserve encryption. Emailing a file, creating a DVD, uploading it to the web etc are all things you need Host DLP to protect against.

For example if you attach a file to an email - you didn't "copy" it to the recipient, you read it into an application and then converted it to a different format (MIME), so if you give outlook permission to read the file, you will lose the encryption.

If you share a drive on a computer running EEFF, then there won't be any protection on that share over the network because when the file system reads the file after a network request, that's no different to you sitting in front of the machine trying to open the file - it will get decrypted if the key is in memory.

computers sharing files should NOT have EEFF installed, only computers reading files.

0 Kudos
eeffuser
Level 7

Re: EEFF not working in test ?

To test, you can try to add the web browser being used to access gmail or dropbox (for example iexplore.exe) to the excluded processes list. This should prevent decryption.

0 Kudos
mcafeebolscz
Level 7

Re: EEFF not working in test ?

I just try it. I send an encrypted file from Gmail using Chrome and I associate "chrome.exe" with "doc docx" files in "File Encryption"  settings but the file arrives decrypted to destination. Any ideas?

eeff.jpg

0 Kudos
eeffuser
Level 7

Re: EEFF not working in test ?

Can you try in 'Encryption Options' instead and add the exe name to the Blocked Processes box?

0 Kudos