3 Replies Latest reply on Jun 15, 2010 11:01 AM by CIPHENT.com

    Device Control and EERM

    geek

      Hi all!

       

      I`ve got a problem with connectivity of device control and encrypted by Endpoint Encryption for Files and Folders Usb stick.

       

      I want to block all usb sticks except encrypted by EEFF. For that I create removable storage device rule with next parameters:

      1.  Removable storage device defenition - Include - All removable storage devices

      2. Removable storage device defenition - Exclude - Content Encrypted by McAfee Endpoint Encryption

      3. Action - Block,Monitor,Notify for all domain users.

       

      But this rule dosn`t work . Both usb sticks (encrypted and not encrypted) are blocked by hdlp agent.

       

      Does anybody know how to solve this problem?

       

      HDLP agent 9.0.100.3

      EEFF version 3.2.5

      OS WinXP SP3

       

       

      Message was edited by: geek on 6/10/10 4:28:23 PM GMT+03:00

       

       

      Message was edited by: geek on 6/10/10 4:33:03 PM GMT+03:00

       

       

      Message was edited by: geek on 6/10/10 4:34:44 PM GMT+03:00
        • 1. Re: Device Control and EERM

          What are the exact definitions you are using for both? With 9.0 you can directly create definition for the device from the log (DLP monitor) - so try to connect your excluded device to a computer where DLP is installed and create the definition. I hope you are using USB with FS option for "all USBs"...!!

           

          - AB

          • 2. Re: Device Control and EERM
            geek

            Thanks for your answer!

             

            I`m using next defenitions:

             

            1. All removable storage devices - Bus type (USB) option

            2. Content Encrypted by McAfee Endpoint Encryption - Content Encrypted by McAfee Endpoint Encryption option (RS)

             

            I think, that system must define encrypted by EEFF usb stick and without it. In DLP 9.0 product guide on 27 page said that "Content encrypted by McAfee Endpoint Encryption" option is "indicate a device protected with McAfee Endpoint Encryption."

             

            In my env. I can not manualy define ech usb stick, that why I want to automatic define and pass encrypted sticks and block all others.

            • 3. Re: Device Control and EERM

              Try fine-tuning your definitons:

               

              All USB: Choose bus type - USB, File system - Exclude CDFS and UDFS, select rest 4,

               

              EERM: Choose bus type - USB, You can choose either option like PID/VID or serial numbers (if you have the list)

               

              Rule:

               

              Include all USB exclude EERM - action, user assignment group, enable rule

               

              - AB