This is a good question. We are beginning to implement DLP. The way I see us applying policy is via AD OU, with an exception AD group. So I would create a restrictive rule applied to the AD OU, then exclude the AD exception group from the rule. I chose AD OU because different business units are going to have different DLP requirements/policies.
I do have questions relating to performance. How are policies calculated for the user who logs in? How long does it take? Any negative performance effects on the machine with user based policies? This is where a best practices guide for policy assignment would come in handy.
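One practical check on the OU-plus-exception-group approach described above is to compute, from AD itself, who will actually end up under the restrictive rule before it is pushed. The script below is an added example, not code from the original poster or from McAfee; the OU distinguished name and the exception group name are hypothetical placeholders, and it assumes the RSAT ActiveDirectory module is available. It resolves the exception group recursively, so nested groups are honoured, and also flags exception-group members who sit outside the OU (the exclusion does nothing for them, which usually means the group is wider than intended).

```powershell
# Added example (not from the original post or from McAfee): report who in an OU
# would receive a restrictive DLP rule once an AD exception group is excluded.
# Assumptions: the OU DN and group name below are hypothetical; the
# ActiveDirectory module (RSAT) is installed and the account can read AD.
Import-Module ActiveDirectory

$TargetOU       = 'OU=Finance,DC=corp,DC=example'   # assumed OU the restrictive rule is scoped to
$ExceptionGroup = 'DLP-Finance-Exceptions'          # assumed AD exception group

# Everyone the rule is scoped to: enabled users anywhere under the OU.
$inScope = Get-ADUser -SearchBase $TargetOU -SearchScope Subtree -Filter 'Enabled -eq $true'

# Exception group members, resolved recursively so nested groups are honoured;
# keep only user objects (computers and groups are not what the rule targets here).
$exempt = Get-ADGroupMember -Identity $ExceptionGroup -Recursive |
    Where-Object { $_.objectClass -eq 'user' }

$exemptSids  = @($exempt  | ForEach-Object { $_.SID.Value })
$inScopeSids = @($inScope | ForEach-Object { $_.SID.Value })

# In the OU and in the exception group: these users will NOT get the restrictive rule.
$excluded = $inScope | Where-Object { $exemptSids -contains $_.SID.Value }

# In the exception group but outside the OU: the exclusion buys them nothing,
# so the group is wider than it needs to be and is worth a review.
$strayExempt = $exempt | Where-Object { $inScopeSids -notcontains $_.SID.Value }

# The effective target set of the restrictive rule.
$effective = $inScope | Where-Object { $exemptSids -notcontains $_.SID.Value }

"Users in scope (OU):               {0}" -f @($inScope).Count
"Exempted (in OU and in group):     {0}" -f @($excluded).Count
"Exception members outside the OU:  {0}" -f @($strayExempt).Count
"Will receive the restrictive rule: {0}" -f @($effective).Count

$effective |
    Select-Object SamAccountName, DistinguishedName |
    Sort-Object SamAccountName |
    Format-Table -AutoSize

$strayExempt |
    Select-Object SamAccountName, distinguishedName |
    Format-Table -AutoSize
```

Run it before and after changing exception group membership; the "outside the OU" list is the one that tends to grow silently as people are added to the group for unrelated reasons.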
Hi, I had tried this before. My method is: allow all users to read, disable write. I had another AD group tied to new ePO rules which allow write, and it works perfectly.
My rules are usually tagged to users, not computers, so I do not know what type of control you are doing.
But as for Best Practices Guidelines, I do not see McAfee coming out with one. So the answer is no.
Even the auditor did not tap into this application security. It is too new to auditors.
What I know from McAfee is that the default rule overwrites, which means the allow policy is given more priority.