A fantastic new feature was added to McAfee Client Proxy (MCP) 2.3.5 the industry's most robust centrally managed web redirection agent. MCP now supplies calling process information to be used in filtering decisions and logging. Rules based on process name supplied by MCP can be used with MWG on premise, or in AWS, or in Azure, or in McAfee Web Gateway Cloud Service when policy is managed from MWG. All supported versions of on premise Content Security Reporter can be used for reporting by using a User - Defined field.
Having process information to assist with filtering decisions is an amazingly useful feature. Maybe you want to coach browser access to uncategorized sites but completely block other processes such as powershell from going to anything but fully trusted sites. Maybe you want to restrict any process other than a browser from going to any sites that aren't approved or fully trusted. Maybe you want to adjust anti-malware filtering or bypass other filters for specific processes but still want to log and proxy the access.
How do I set it up?
Solved! Go to Solution.
Requirements:
McAfee Client Proxy 2.3.5
McAfee Web Gateway 7.7.2 or later (the property is Client.ProcessName)
Content Security Reporter on premise (any supported version)
You need to log the process name and change your log header to include it
You need to set up process name as one of the user-defined fields on import. ( I used the 4th )
Your queries have to be detailed queries (due to using user-defined field use)
MWG process filtering ruleset attached
ePolicy Orchestrator dashboard example in reply to this reply
Some explanatory configuration screenshots below.
Access Log Config
Log Handler
CSR User-Defined Field
Feedback, suggestions and improvements to this post welcome as always.
Requirements:
McAfee Client Proxy 2.3.5
McAfee Web Gateway 7.7.2 or later (the property is Client.ProcessName)
Content Security Reporter on premise (any supported version)
You need to log the process name and change your log header to include it
You need to set up process name as one of the user-defined fields on import. ( I used the 4th )
Your queries have to be detailed queries (due to using user-defined field use)
MWG process filtering ruleset attached
ePolicy Orchestrator dashboard example in reply to this reply
Some explanatory configuration screenshots below.
Access Log Config
Log Handler
CSR User-Defined Field
Feedback, suggestions and improvements to this post welcome as always.