cyrix
Level 7
Message 1 of 5

Create device blocking rule

Hi,

We have purchased the Device Control package of DLP.
Installation and DLP agent deployment to the target computer (test client) are finished.

I would like to know where I can find a simple-to-understand guide on how to create a device blocking rule. I have tried, but I can't even block a single USB on the target computer.
By the way, we are not using AD. We plan to make a computer device rule/policy only.

Thanks!
4 Replies

RE: Create device blocking rule



You need to create a new device definition (in DLP policy - EPO extension).
- Reaction rule (monitor, notify and block) associated with the device definition
- Apply to EPO
In EPO4, policy catalog -> edit DLP default policy (check online user and local user)
In the systems tree, assign this policy to the machine.

Good luck
cyrix
Level 7
Message 3 of 5

Create device blocking rule

Hi,

I made a very simple policy to block a USB with Device Instance ID USB\VID_0718&PID_0432\07840C2B09E1

Reaction rule: (Block, Monitor, Notify)
Device Definition: Device Instance ID: USB\VID_0718&PID_0432\07840C2B09E1
Bus Type : USB
Device Rule: Include (Block, Monitor, Notify)
Apply to ePO => No error
Policy catalog-> edit dlp default policy (check online user and local user)

1) I have checked port no. 43000 through telnet.
2) The SMC.opg date/time stamp is the same as in the DLP Monitor report, meaning its deployment is successful.

Why is it not working!? It is making me crazy.
Someone please help.
Thanks!
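A client-side check for the setup described in the post above, as an added example that is not part of the thread and is not McAfee tooling: it lists the USB devices Windows currently enumerates and compares each instance ID with the one typed into the device definition, so a mistyped or differently reported ID shows up immediately. It assumes PowerShell 3.0 or later on the test client; `ConvertFrom-DeviceInstanceId` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Run on the test client with the USB device plugged in.
# ID quoted in the post above; substitute the one typed into your device definition.
$RuleInstanceId = 'USB\VID_0718&PID_0432\07840C2B09E1'

# Hypothetical helper: splits <enumerator>\<device id>\<instance part> into fields.
function ConvertFrom-DeviceInstanceId {
    param([Parameter(Mandatory)][string]$InstanceId)
    $parts = $InstanceId.Trim().ToUpper() -split '\\', 3
    if ($parts.Count -ne 3) { return $null }
    # $vendorId / $productId stay $null when the device id carries no VID_/PID_ token.
    $vendorId  = if ($parts[1] -match 'VID_([0-9A-F]{4})') { $Matches[1] }
    $productId = if ($parts[1] -match 'PID_([0-9A-F]{4})') { $Matches[1] }
    [pscustomobject]@{
        Enumerator = $parts[0]
        VendorId   = $vendorId
        ProductId  = $productId
        Instance   = $parts[2]   # the serial number when the device reports one
    }
}

$rule = ConvertFrom-DeviceInstanceId $RuleInstanceId
if (-not $rule) { throw "Not a device instance ID: $RuleInstanceId" }

# Win32_PnPEntity.DeviceID is the instance ID Windows assigned to each Plug and Play device.
# USBSTOR\ entries are the storage devices created beneath a USB mass-storage device.
Get-CimInstance -ClassName Win32_PnPEntity |
    Where-Object { $_.DeviceID -like 'USB\*' -or $_.DeviceID -like 'USBSTOR\*' } |
    ForEach-Object {
        $dev = ConvertFrom-DeviceInstanceId $_.DeviceID
        if (-not $dev) { return }   # skip anything that is not a three-part ID
        $result = if ($_.DeviceID -ieq $RuleInstanceId.Trim()) {
            'Exact match with the rule ID'
        } elseif ($dev.VendorId -and $dev.VendorId -eq $rule.VendorId -and
                  $dev.ProductId -eq $rule.ProductId) {
            'Same VID/PID, different instance part'
        } elseif ($dev.Instance.StartsWith($rule.Instance)) {
            'Rule serial found under another enumerator'
        }
        if ($result) {
            [pscustomobject]@{ Result = $result; Name = $_.Name; DeviceID = $_.DeviceID }
        }
    } | Format-List
```

No output at all means Windows does not currently report a device with that vendor/product pair or serial, which points at the ID in the definition rather than at policy delivery.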

RE: Create device blocking rule

- Check "policy assignment" in the DLP policy. What user groups appear? If you don't configure this assignment group (blank), the policy should affect/apply to all local users on the machine. If Active Directory exists in your environment, you need to configure AD users in the DLP policy.
- Check device definitions. If you need to block USB mass storage, McAfee recommends "removable mass storage definition"; with your options it should work.
- In the DLP agent you can configure DLP agent log & debug options.


Good luck

RE: Create device blocking rule

Check the global agent configuration before applying any rule.