cancel
Showing results for 
Search instead for 
Did you mean: 
EPO-Janni
Level 9

How to block the whole WEB internet access using SAE+ 3.0

Hello,

we are using SAE+ 3.0 in our EPO environment on some clients. Is there any possibility to use SAE+ 3.0 to configure blocking rules for whole internet WEB access using IE? Unfortunately the signs "*" and "?" can’t be used in “prohibit list”. And “.COM” will also not work because 6 signs are needed at least. Is it possible to block WEB access using SAE+ 3.0 on the applied machines? If yes - which EPO policy I have to configure?

Thanks and best regards

Janni

0 Kudos
9 Replies
EPO-Janni
Level 9

Re: How to block the whole WEB internet access using SAE+ 3.0

Hi,

no ideas?

Regards

Janni

0 Kudos
EPO-Janni
Level 9

Re: How to block the whole WEB internet access using SAE+ 3.0

Hi,

no answers? May be that means it’s not possible to block all site except the positive list. That’s a pity.

Why signs like “*” and “?” are not allowed to configure negative or positive access list entries? And why the minimum length of signs is 6? I can’t understand that!

Best regards

Janni

0 Kudos
Tristan
Level 15

Re: How to block the whole WEB internet access using SAE+ 3.0

Wrong tool for the job really. SAE is designed to manage access to the internet not block it completely.

If you want to completely block Internet access on a user by user basis then you need to be looking at an authenticated proxy server, something like Microsofts TMG for example.

0 Kudos
EPO-Janni
Level 9

Re: How to block the whole WEB internet access using SAE+ 3.0

Hi,

thanks for information. But to "mange access" also includes "to block" sites except the positive list. What will be the problem to allow "*" and minimum length of 3 signs for SAE developers team?

Best regards

Janni

0 Kudos
EPO-Janni
Level 9

Re: How to block the whole WEB internet access using SAE+ 3.0

Hi,

it seems that’s unfortunately not possible to block main WEB access using SAE+ . May be it’s possible to reconfigure the minimum sign length form 6 signs to 3? So I’m able to configure .COM or .DE. Is the sign length hard coded or is it possible to reconfigure the minimum sign length in configuration file on the EPO?

Best regards,

Maik

0 Kudos
spkslattery
Level 10

Re: How to block the whole WEB internet access using SAE+ 3.0

If you have access to the Web Filtering for Endpoints (WFE) extension, you could easily create a content blocking rule for ALL content categories including uncategorized. WFE is included in several endpoint suites and also as a standalone product.

0 Kudos
EPO-Janni
Level 9

Re: How to block the whole WEB internet access using SAE+ 3.0

Dear Sean,

thanks for information. We currently use SAE 3.0 in our EPO 4.6.1 environment. As I found in McAfee product description the WFE is an optional component of SAE - right?. But I can’t find how to add or configure this additional WFE. I can only download the SAE 3.0 package including software package for EPO master repository and EPO extensions.

Best regards,

Janni

Nachricht geändert durch EPO-Janni on 10.05.12 08:21:50 MESZ
0 Kudos
spkslattery
Level 10

Re: How to block the whole WEB internet access using SAE+ 3.0

I would recommend using SAE35 as it has better browser support and the ability to prevent other browsers from running. Regardless, you can still download the evaluation version of the WFE 3.0 extension from McAfee.

http://www.mcafee.com/apps/downloads/free-evaluations/default.aspx?pc=13320&lang=en&plat=platform&pi...

Once you have WFE, another great benefit is the use of Web Reporter. While SAE's basic warn and block events are queried from ePO, for true complete content monitoring of users, you'll need to use Web Reporter. It is a separately installed server product and database. Web Reporter looks a lot like ePO and can easily be configured to send weekly reports of Top 10 Users, Sites, Users and Sites, Sites and Users,etc to department heads and managers. These are the most common requests of my clients.

Web Reporter can integrate content filtering events from other McAfee solutions such as Web Gateway and Firewall Enterprise. Not only do you achieve consistent policy creation but also consistent reporting, which I feel is even more important.

WFE can be purchased separate but is included in several endpoint suites such as Endpoint Protection Advanced (EPA), my favorite, and EPE. WFE by itself is quite inexpensive.

0 Kudos
EPO-Janni
Level 9

Re: How to block the whole WEB internet access using SAE+ 3.0

Thanks a lot for your hints. I'll try to test it.

Best regards,

Janni

0 Kudos