cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
jebeling
McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 1 of 3
‎01-08-2019 06:28 AM

How Do I Use and Log McAfee Client Proxy (MCP) Process Information with MWG and WGCS?

Jump to solution

A fantastic new feature was added to McAfee Client Proxy (MCP) 2.3.5 the industry's most robust centrally managed web redirection agent.  MCP now supplies calling process information to be used in filtering decisions and logging. Rules based on process name supplied by MCP can be used with MWG on premise, or in AWS, or in Azure, or in McAfee Web Gateway Cloud Service when policy is managed from MWG. All supported versions of on premise Content Security Reporter can be used for reporting by using a User - Defined field.

Having process information to assist with filtering decisions is an amazingly useful feature. Maybe you want to coach browser access to uncategorized sites but completely block other processes such as powershell from going to anything but fully trusted sites. Maybe you want to restrict any process other than a browser from going to any sites that aren't approved or fully trusted. Maybe you  want to adjust anti-malware filtering or bypass other filters for specific processes but still want to log and proxy the access.

How do I set it up?

Capture.JPG

0 Kudos
Reply
2 Solutions

Accepted Solutions
jebeling
McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 2 of 3
‎01-08-2019 06:30 AM

Re: How Do I Use and Log McAfee Client Proxy (MCP) Process Information with MWG and WGCS?

Jump to solution

Requirements:

McAfee Client Proxy 2.3.5

McAfee Web Gateway 7.7.2 or later (the property is Client.ProcessName)

Content Security Reporter on premise (any supported version)

You need to log the process name and change your log header to include it

You need to set up process name as one of the user-defined fields on import. ( I used the 4th  )

Your queries have to be detailed queries (due to using user-defined field use)

MWG process filtering ruleset attached

ePolicy Orchestrator dashboard example in reply to this reply

Some explanatory configuration screenshots below.


Capture3.JPGAccess Log Config

 

Capture2.JPGLog Handler

 Capture1.JPGCSR User-Defined Field

 

 

0 Kudos
Reply
jebeling
McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 3 of 3
‎01-08-2019 06:56 AM

Re: How Do I Use and Log McAfee Client Proxy (MCP) Process Information with MWG and WGCS?

Jump to solution

Feedback, suggestions and improvements to this post welcome as always.

0 Kudos
Reply
2 Replies
jebeling
McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 2 of 3
‎01-08-2019 06:30 AM

Re: How Do I Use and Log McAfee Client Proxy (MCP) Process Information with MWG and WGCS?

Jump to solution

Requirements:

McAfee Client Proxy 2.3.5

McAfee Web Gateway 7.7.2 or later (the property is Client.ProcessName)

Content Security Reporter on premise (any supported version)

You need to log the process name and change your log header to include it

You need to set up process name as one of the user-defined fields on import. ( I used the 4th  )

Your queries have to be detailed queries (due to using user-defined field use)

MWG process filtering ruleset attached

ePolicy Orchestrator dashboard example in reply to this reply

Some explanatory configuration screenshots below.


Capture3.JPGAccess Log Config

 

Capture2.JPGLog Handler

 Capture1.JPGCSR User-Defined Field

 

 

0 Kudos
Reply
jebeling
McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 3 of 3
‎01-08-2019 06:56 AM

Re: How Do I Use and Log McAfee Client Proxy (MCP) Process Information with MWG and WGCS?

Jump to solution

Feedback, suggestions and improvements to this post welcome as always.

0 Kudos
Reply
ePO Support Center Plug-in
Check out the new ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.