5 Replies Latest reply on Sep 11, 2008 9:34 AM by wilson010

    DLP not working

      I have DLP full liscensed installed. Its set up not issues, I have it set to block USB and Cd/Dvd rom devices however it isnt. Can any one tell me where the issue is occurring.

      The device class ,definition and rules are set as well as a user assignment group
        • 1. RE: DLP not working
          Can anyone from mcafee or anyone at all offer some help
          • 2. RE: DLP not working
            Can you please describe how and where you defined the device definitions and rules. Also check if rules defined by assigment group or by computers in ePO policy.
            Ill can try to help to you.

            Alex
            • 3. RE: DLP not working
              The device definitions were defined in the Device Definitions category in Device Management, similiarly Device Rules were defined in the Device Definition category in Device Management.

              Device definitions were defined as follows Bus type and CD/DVD drives were chosen as the selected parameters. Only USB was selected in the Bus type parameter.

              Device Definitions were defined as follows. Step 1: The device definition rules from above was included.
              Step 2: Block (online\offline); Monitor (online\offline) and Notify user (online\offline) were selected.
              Step 3: Was left blank initally with just the privileged user set up by user account. The drives were not being blocked. A User Assignment group was then set up and used, it was set up by group as defined by Active Directory.
              • 4. Method of enforcement
                Basically mistake with McAfee DLP is method of enforcement.
                You need to decide wich one more effective for you - computer or users/group enforcement.
                If you try to use both, the resoult is conflict and policy not work.
                My advice - start from beginning. Delete device rules and Assignment groups. Recreate rules.
                1. For computer enforcement - leave "Assignment groups" empty (skip it) and create policy for DLP agent in policy catalog. Select the created rules and apply policy for selected computers or group.
                2. For AD user/group enforcenent - select "Assignment group" in Device rule creation wizard, click apply button in DLP management interface and NOT!!! change policy for DLP Agent.
                3. Make wakeup for clients.

                PS: Changes madden in "Agent Global configuration" enforced just after client reboot.


                Goog luck

                Alex
                • 5. RE: Method of enforcement
                  I just evaluate DLP and find quite diffcult to start with.

                  The product guide may not be a good starting point.
                  It descript every screen items in the policy manager.

                  Is there any step by step guide for beginner to try on setting up some basic infrastructure?