1 Reply Latest reply on Dec 9, 2010 5:13 AM by DavHio

    DLP 9.0 Rules Include Exclude problem

    DavHio

      Hello,

       

      We have just upgraded our ePO 4.5 with DLP 9.0 WCF Service and Extension in Backward compatibility mode "DLP Agent 2.2 patch 2 and above"

      We have not checked in the Agent product 9.0 DLP Agents yet when it will be rolled out in a segmented pilot over approx. 20K clients.

       

      The agent that we are currently using is 2.2.400.18.

       

      Now we find that there are some problems with device rules that include and exclude different definitions.

       

      In the rule we include one definition and exclude one definition:

      'Device Block Definition'

      Device Compatible ID
      -USBSTOR\SFloppy

      -USBSTOR\Disk

      -STORAGE\Volume

       

      'Allowed Device Definitions'

      USB Device Serial Number

      {serial number}

      and so on...

       

      Case 1:

      When we only have one definition included everything works as it should.

      Case 2:

      When we have one definition included and one definition excluded, no devices are blocked.

       

      Rule Summary 1: (That works correctly and blocks devices)

       

      Manage removable storage devices when the following conditions are met:

           the connected device is 'Device Block Definition'

          

      When this rule is applied perform the following actions: Block (Online/Offline) and Monitor (Online/Offline), Severity: High and Notify User (Online/Offline), Message: Default from Agent Configuration

       

      This rule is assigned in 'Test User Group'

       

       

      Rule Summary 2: (That does NOT work correctly and no devices are blocked)

       

      Manage removable storage devices when the following conditions are met:

           the connected device is 'Device Block Definition'

           the connected device is not 'Allowed Device Definitions'

       

      When this rule is applied perform the following actions: Block (Online/Offline) and Monitor (Online/Offline), Severity: High and Notify User (Online/Offline), Message: Default from Agent Configuration

       

      This rule is assigned in 'Test User Group'

       

      Versions currently used:

      DLP Agent 2.2.400.18

      DLP WCF Service 9.0.0.403

      HDLP Extension 9.0.0.403

       

      It seems that when we have 2 definitions in one rule, one Include and one Exclude, the rule fails.

      Note: This worked perfectly before the upgrade.

       

      Does anyone have any experience of what can be wrong or how to fix this?

       

      Regards

      David

       

       

        • 1. Re: DLP 9.0 Rules Include Exclude problem
          DavHio

          Exclusion based on Vendor and Product ID seems to work together with Inclusions. This seems to be the only working alternative.

          Upgraded one test client with DLP 9.0 agent. On this client the rules worked as they should with all configurations working.

           

           

          Message was edited by: DavHio on 12/9/10 5:13:16 AM CST