I've been working with McAfee support for a few weeks on this and they just can't seem to come up with a solution nor do they seem familiar enough with the product to properly assist me. I'm trying to whitelist one particular site (youtube.com) for one group of users. I have the streaming category blocked by default but allow the whole category for my allow group. I want to give another group access to youtube.com but have all other URLs categorized as streaming blocked. Doesn't seem like a crazy request but it seems impossible to configure in the ePO cloud service. Any help would be appreciated. Thank you.
This is something I want as well!
At the moment the Cloud Only UI cannot support exactly what you're describing (URL based exceptions for groups). The URL exceptions apply to the protection area (i.e. Web Category Filter).
Something that may work would be to allow the category for the group (under Web Category Filter), then allow the Youtube Application for the group (under Access Protection). Using the application based approach also eliminates the need for you having to maintain a list of URLs for Youtube.
I also forwarded this thread to our UX team. The ePO Cloud "Feedback" option actually goes directly to them. If you find any other gaps in policy creation, please do feel free to use the Feedback option as well.
I spoke a little too soon, this (group based URL whitelists) is currently a part of the policy in the beta environment -- so this should be going live pretty soon.
I can now see you can now block certain groups and that "allow" is the catch all and primary action (previously when you created a new rule using a URL list, you could not block a certain group). However, this does not solve my problem, it's close but not what I'm looking for. I'm looking to have the rule default to block and only allow certain groups, not the other way around. For other rules, you can move the "Block" action to the bottom to make it the catch all (primary) and then force it to allow only for the groups you specify. However, when you create a new rule using URL Lists, the "Move Down" and "Move Up" actions are greyed out (see screenshot) and I cannot change the primary action of the rule I would like to create. You can change the primary action of the rule if you create a new rule using "Web Categories" as the "Move Up" and "Move Down" actions are not greyed out.
I tried to set the rules in Access Protection as indicated in the manual:
Create a rule using exceptions
You can provide or deny certain access to the user groups by creating a rule using exceptions to specify user
Assume that you are creating a rule to deny executive user group access to social networking sites.
1 From the McAfee ePO Cloud menu, select Policy | Web Policy.
2 Create a rule in the Access Protection feature area.
a From Policy Browser, click of the feature policy.
b Select New Rule.
3 Assign the required rule type.
a From the Catalog pane, select Web Applications from the drop-down list.
b From the Catalog pane, click to the right of Social Networking.
In the Rule Details pane, you see that the rule name is now Social Networking.
4 Assign the required user groups.
a In the Rule Details pane, click located next to the Block option, to display the list of User Groups.
b In the Catalog pane, click to the right of Executives.
You can add one or more user groups to an action.
5 In the Rule Details pane, click Save.
I have the same config, but with WEB MAIL.
BUT if I set these rules in Access Protection, the rules match only with the WEB MAIL LIST. But this works only for the links in this list.
If I try to open gmail.com, it's blocked because it is in the list, but if I try five "regional" web mail sites, they are not blocked.
If I create a rule in the WEB CATEGORY FILTER, all web mail is blocked. BUT here I can't create different rules for different groups with different categories to block.