Hello everybody. I'm new to McAfee DLP.
I'm using DLP 3.0 in a lab environment. I tried to make clipboard & print block rules and they didn't work for me at all.
1st, I made a Location Based Tagging Rule so that all *.TXT and *.DOC files in a shared folder on my file server will be tagged (and called it TAG1).
2nd, I made a Printing Protection Rule and configured it to block all network & local printers. I also created an unmanaged printer model (and attached it to TAG1).
3rd, I made a Clipboard Protection Rule and configured it to block TAG1 from being copied.
Also, I created 3 domain users and listed them in a User Assignment Group.
I think I made everything just right, and I don't know why this isn't working... \=
When I log in with one of the users I created and access the shared folder, I can still copy it to my desktop and print it and do whatever I want to.
Any help will be appreciated!
Other rules, like the Screen Capture Protection Rule, are working just fine!
If it will help you to help me, this is my lab environment:
1 SQL 2005 SP2
1 DC 2003
1 McAfee EPO 4.5
2 XP Clients SP3 (ENG)
Have you enabled all the agent handlers? The printer should be moved into the managed category.
You can see if the tagging rule is tagging the contents by enabling manual tagging for a test.
As I said, everything is fine.
Then I think you should buy some McAfee professional services time to help you out in finding the root cause.
I have the same problem, and it seems that McAfee DLP is a little bit crappy...
The created rules are working normally, but clipboard protection doesn't work with Windows Explorer (it worked well with opened documents, till the DLP console crashed... after that everything was repaired)...
Maybe there is a solution for how to prevent files from being copied with Windows Explorer? Or is this not possible?
P.S. McAfee support (like reinstall, read the manual, etc.) is not an option... I need to mention what application needs to be protected to prevent copying files (not file content) (when included, blocking the application explorer.exe doesn't work)... tagging is working...
I can answer one part.
DLP v.3 can't prevent copying files from one location (like a share) to the local computer if the user can reach the file. Copy here means with Windows Explorer (or another program). The clipboard has something to do only with file content (like copying XLS file content with Excel). You must make the desired file-level security solution (like NTFS not allowing copy) or use DLP with other McAfee solutions.
If tagging is working correctly for the copied file, DLP can prevent print blocking (for network and local printers)...
P.S. It would be nice to have a block option for the file access rule and the file system protection rule.
I am afraid you can do that with Host DLP. HDLP is designed to prevent data loss when it starts moving from the end-point - in this case your workstation/laptop - to a device with a file system like mass storage, flash drive, CD/DVD etc., or through e-mail, print etc.
You should consider implementing Network DLP when you want to monitor/prevent your data being copied from a shared folder! HDLP is simply not designed to protect data from a shared folder. Yes, I think you can monitor to a certain level!
Host DLP can't prevent file copy (only monitor it) from a share to a computer... You can prevent copying with file system permissions (etc.) or another McAfee product... With Host DLP you can only monitor or notify on a specific application's access to a file (not the action, to be correct)...