A fantastic new feature was added to McAfee Client Proxy (MCP) 2.3.5 the industry's most robust centrally managed web redirection agent. MCP now supplies calling process information to be used in filtering decisions and logging. Rules based on process name supplied by MCP can be used with MWG on premise, or in AWS, or in Azure, or in McAfee Web Gateway Cloud Service when policy is managed from MWG. All supported versions of on premise Content Security Reporter can be used for reporting by using a User - Defined field.
Having process information to assist with filtering decisions is an amazingly useful feature. Maybe you want to coach browser access to uncategorized sites but completely block other processes such as powershell from going to anything but fully trusted sites. Maybe you want to restrict any process other than a browser from going to any sites that aren't approved or fully trusted. Maybe you want to adjust anti-malware filtering or bypass other filters for specific processes but still want to log and proxy the access. Perhaps you want to restrict a process claiming to be dropbox.exe to only connect to dropbox sites.
How do I set it up?
Accepted Solutions
Requirements:
McAfee Client Proxy 2.3.5 or later
McAfee Web Gateway 7.8.2 or later (the property is Client.ProcessName)
Content Security Reporter on premise (any supported version)
You need to log the process name and change your log header to include it
You need to set up process name as one of the user-defined fields on import. ( I used the 4th )
Your queries have to be detailed queries (due to user-defined field use)
MWG process filtering ruleset (attached)
ePolicy Orchestrator dashboard example in reply to this reply
Some explanatory configuration screenshots below.
Requirements:
McAfee Client Proxy 2.3.5 or later
McAfee Web Gateway 7.8.2 or later (the property is Client.ProcessName)
Content Security Reporter on premise (any supported version)
You need to log the process name and change your log header to include it
You need to set up process name as one of the user-defined fields on import. ( I used the 4th )
Your queries have to be detailed queries (due to user-defined field use)
MWG process filtering ruleset (attached)
ePolicy Orchestrator dashboard example in reply to this reply
Some explanatory configuration screenshots below.
Community Help Hub
-
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
- Find Forum FAQs
- Learn How to Earn Badges
- Ask for Help
Join the Community
-
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:
- Get helpful solutions from McAfee experts.
- Stay connected to product conversations that matter to you.
- Participate in product groups led by McAfee employees.
Corporate Headquarters
2821 Mission College Blvd.
Santa Clara, CA 95054 USA