I've been working with McAfee support for a few weeks on this and they just can't seem to come up with a solution nor do they seem familiar enough with the product to properly assist me. I'm trying to whitelist one particular site (youtube.com) for one group of users. I have the streaming category blocked by default but allow the whole category for my allow group. I want to give another group access to youtube.com but have all other URLs categorized as streaming blocked. Doesn't seem like a crazy request but it seems impossible to configure in the ePO cloud service. Any help would be appreciated. Thank you.
This is something I want as well!
At the moment for the Cloud Only UI cannot support exactly what you're describing (URL based exceptions for groups). The URL exceptions apply to the protection area (i.e. Web Category Filter).
Something that may work would be to allow the category for the group (under Web Category Filter), then allow the Youtube Application for the group (under Access Protection). Using the application based approach also eliminates the need for you having to maintain a list of URLs for Youtube.
I also forwarded this thread to our UX team. The ePO Cloud "Feedback" option actually goes directly to them. If you find any other gaps in policy creation, please do feel free to use the Feedback option as well.
I spoke a little too soon, this (group based url whitelists) is currently apart of the policy in the beta environment -- so this should going live pretty soon.
Thanks Jon for your responses. Any idea when this system in the beta environment will be going live?
I can now see you can now block certain groups and that "allow" is the catch all and primary action (previously when you created a new rule using a URL list, you could not block a certain group). However, this does not solve my problem, it's close but not what I'm looking for. I'm looking to have the rule default to block and only allow certain groups, not the other way around. For other rules, you can move the "Block" action to the bottom to make it the catch all (primary) and then force it to allow only for the groups you specify. However, when you create a new rule using URL Lists, the "Move Down" and "Move Up" action is greyed out (see screenshot) and I cannot change the primary action of the rule I would like to create. You can change the primary action of the rule if you create a new rule using "Web Categories" as the "Move Up" and "Move Down" action are not greyed out.