It seems you need a McAfee DLP expert onsite to address all your queries and to show how rules work (POC)
Sorry for my so many questions.
I did not familiar with McAfee and DLP before.
And please answer with simple key discription and that can help me a lot.
I am familiar with DLP configuration now but the questions in discuss are could not be implemented.
you can only tell me: device difinition--which bus select ? -- VID/PID select and input.
device rules--step1-select difinition include/exclude? ; step 2-block and notice,online/offline?; step3-user group.
Please help me, our DLP experts in community.
Thank you !
If you want to exclude specific USB devices, then you have to create a separate definition using PID/VID or serial number. They you include all USB and exclude the one you want to allow.
Let me know your rule summary if you have already created one!
1. Make sure devices with offline events have uploaded all events.
2. User group binding is optional only if you are going to use Computer based assignment.
3. Check the ePO Permission Sets for the currently logged in user. Ensure the Agent Override password has been set.
4. The most restrictive rule will be applied.
Like AB mentioned, McAfee Professional Services will be a good option for you.