cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
jebeling
McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 1 of 6
‎01-08-2019 06:28 AM

How Do I Use and Log McAfee Client Proxy (MCP) Process Information with MWG and WGCS?

Jump to solution

A fantastic new feature was added to McAfee Client Proxy (MCP) 2.3.5 the industry's most robust centrally managed web redirection agent.  MCP now supplies calling process information to be used in filtering decisions and logging. Rules based on process name supplied by MCP can be used with MWG on premise, or in AWS, or in Azure, or in McAfee Web Gateway Cloud Service when policy is managed from MWG. All supported versions of on premise Content Security Reporter can be used for reporting by using a User - Defined field.

Having process information to assist with filtering decisions is an amazingly useful feature. Maybe you want to coach browser access to uncategorized sites but completely block other processes such as powershell from going to anything but fully trusted sites. Maybe you want to restrict any process other than a browser from going to any sites that aren't approved or fully trusted. Maybe you  want to adjust anti-malware filtering or bypass other filters for specific processes but still want to log and proxy the access. Perhaps you want to restrict a process claiming to be dropbox.exe to only connect to dropbox sites.

How do I set it up?

Capture.JPG

0 Kudos
Reply
2 Solutions

Accepted Solutions
jebeling
McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 2 of 6
‎01-08-2019 06:30 AM

Re: How Do I Use and Log McAfee Client Proxy (MCP) Process Information with MWG and WGCS?

Jump to solution

Requirements:

McAfee Client Proxy 2.3.5 or later

McAfee Web Gateway 7.8.2 or later (the property is Client.ProcessName)

Content Security Reporter on premise (any supported version)

You need to log the process name and change your log header to include it

You need to set up process name as one of the user-defined fields on import. ( I used the 4th  )

Your queries have to be detailed queries (due to using user-defined field use)

MWG process filtering ruleset attached

ePolicy Orchestrator dashboard example in reply to this reply

Some explanatory configuration screenshots below.


Capture3.JPGAccess Log Config

 

Capture2.JPGLog Handler

 Capture1.JPGCSR User-Defined Field

 

 

0 Kudos
Reply
jebeling
McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 3 of 6
‎01-08-2019 06:56 AM

Re: How Do I Use and Log McAfee Client Proxy (MCP) Process Information with MWG and WGCS?

Jump to solution

Feedback, suggestions and improvements to this post welcome as always.

0 Kudos
Reply
5 Replies
jebeling
McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 2 of 6
‎01-08-2019 06:30 AM

Re: How Do I Use and Log McAfee Client Proxy (MCP) Process Information with MWG and WGCS?

Jump to solution

Requirements:

McAfee Client Proxy 2.3.5 or later

McAfee Web Gateway 7.8.2 or later (the property is Client.ProcessName)

Content Security Reporter on premise (any supported version)

You need to log the process name and change your log header to include it

You need to set up process name as one of the user-defined fields on import. ( I used the 4th  )

Your queries have to be detailed queries (due to using user-defined field use)

MWG process filtering ruleset attached

ePolicy Orchestrator dashboard example in reply to this reply

Some explanatory configuration screenshots below.


Capture3.JPGAccess Log Config

 

Capture2.JPGLog Handler

 Capture1.JPGCSR User-Defined Field

 

 

0 Kudos
Reply
jebeling
McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 3 of 6
‎01-08-2019 06:56 AM

Re: How Do I Use and Log McAfee Client Proxy (MCP) Process Information with MWG and WGCS?

Jump to solution

Feedback, suggestions and improvements to this post welcome as always.

0 Kudos
Reply
feickholt
feickholt
Level 10
Report Inappropriate Content
Message 4 of 6
‎05-07-2019 02:30 AM

Re: How Do I Use and Log McAfee Client Proxy (MCP) Process Information with MWG and WGCS?

Jump to solution

I tried to find the property in our configuration 7.7.2.19 but I don't find it?

 

 

0 Kudos
Reply
feickholt
feickholt
Level 10
Report Inappropriate Content
Message 5 of 6
‎05-07-2019 03:11 AM

Re: How Do I Use and Log McAfee Client Proxy (MCP) Process Information with MWG and WGCS?

Jump to solution

I think you made a mistake. In your example xml file the version is 7.8.2... so I expect this property was new in 7.8.2 instead of 7.7.2

0 Kudos
Reply
jebeling
McAfee Employee jebeling
McAfee Employee
Report Inappropriate Content
Message 6 of 6
‎05-07-2019 07:09 AM

Re: How Do I Use and Log McAfee Client Proxy (MCP) Process Information with MWG and WGCS?

Jump to solution

Thanks, I believe you are correct. I couldn't find the appropriate reference guides or anything in the release notes so I edited above to reflect 7.8.2 because I know its there for sure. I will do some more investigation and if its available in an earlier release, I will update again.

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator