I have a very specific task to complete with McAfee DLP10 as a tool.
Sometimes my organization receive sensitive data on a USB stick or CD.
As every incoming sensitive data, these usbs and cds are journaled as appropriate and stored with other usbs, cds and letters in safe cupboard.
If worker asks for such data, he must sign in\off in journal every time he takes usb\cd\letter from cupboard.
Now, the problem arises as worker can COPY (gasp!) data from usb to his workstation.
However it is protected with McAfee DLP endpoint, my task is to make incident appear every time someone copy file from usb or cd to workstation.
Is it even possible?
Brief search of forum showed me some remarks from 2008 about DLP not able to trace copying from usb to workstation, because McAfee DLP only prevents "Leakage" to outside.
To simplify (i hope) problem every usb\cd can be preventively checked by person with rights to "manual classification".
Thank you for answers, in advance.
Well, looks like the shiny new version 11 has exactly what you need:
see Removable storage protection rules on page 6.