6 Replies Latest reply on Mar 31, 2011 5:10 AM by gerryrigney

    DLP and EERM Issue

      I've read a lot of posts on this and think I know the answer, but would like confirmation, as to me the answer seems like the product isn't working the way it should.

      - We want to deploy McAfee DLP to all users.
      - We want to prepare 100 USB keys by encrypting with EERM.
      - We want to distribute these keys to staff, keeping a record of who gets what.
      - We want DLP to block all USB media except these encrypted keys that we handed out, encrypted being the key word here.

      From what I can see, we cannot do this with DLP?  If I create a rule to block all removable media except content encrypted with McAfee Endpoint Encryption, our pre-encrypted keys still get blocked.  I know I could take note of vendor and product IDs, but what's to stop someone formatting the key on a home PC and then using it in an unencrypted state?

      Does DLP not recognise EERM devices as being truly McAfee Endpoint Encrypted devices?

      Many thanks for any thoughts/ feedback

      Gerry

       

      *Edit:

      - Forgot to mention: one other requirement is that staff can give the keys to clients with a password to unencrypt/view.

      Message was edited by: gerryrigney on 10/02/11 07:19:59 CST
        • 1. Re: DLP and EERM Issue

          Actually DLP is working fine.

          From the ReadMe:

          Compatible McAfee point products

          The following McAfee point product versions were tested for compatibility with McAfee Host Data Loss Prevention software version 9.1:
          • McAfee Agent 4.0 Patch 7
          • McAfee Agent 4.5 Patch 2
          • McAfee AntiSpyware Enterprise (MASE) 8.7.0.129
          • McAfee Endpoint Encryption for Files and Folders 3.2.2.10, 4.0.0.20
          • McAfee Endpoint Encryption for Personal Computers 6.0
          • ePolicy Orchestrator 4.0 Patch 3
          • ePolicy Orchestrator 4.5 Patch 3
          • McAfee Host Intrusion Protection System (HIPS) 7.0.0 Client P8 (7.0.0.1159)
          • McAfee Network Access Control (MNAC) 3.2 Patch 1 (3.2.0.854)
          • McAfee Policy Auditor 5.1.0.183
          • McAfee RSD Sensor 4.5.0.851
          • McAfee SiteAdvisor Enterprise (SAE) 3.0.0.561
          • McAfee SolidCore 5.0.0.6201
          • McAfee VirusScan Enterprise 8.7 Patch 2 (8.7.0.570 +Patch 2)
          • McAfee Visual Technician (MVT) 1.0.4.0
          • 2. Re: DLP and EERM Issue
            protector

            Gerry,

            I know there are issues between DLP and EERM.  For example, in our environment DLP will not trigger any rules when copying data to an EERM encrypted USB device.  I would recommend you open an SR with McAfee and get them working on a fix.

            • 3. Re: DLP and EERM Issue

              Hi Protector

              We are just using the device control element of DLP. At first we thought that was the problem, but we got a trial license for DLP and still cannot get it to allow/recognise EERM protected devices.  We're talking to our AC manager and they're looking at it, but as of yet they can't get it to work the way we want it to either.

              Thanks for the info, I'll post if we have any luck.

              Gerry

              • 4. DLP and EERM Issue

                I've spoken with McAfee support; the ability to allow EERM devices will apparently work once EEFF 4 is released and checked into ePO.

                • 5. Re: DLP and EERM Issue

                  Whatever you do: do NOT use McAfee Device Control with Endpoint Encryption for Files and Folders, since that will store your data UNENCRYPTED on the USB device!

                  McAfee knows about this [they've been demo'ed the effect].

                  • 6. Re: DLP and EERM Issue

                    Meant to update this post: according to McAfee, even with the next version of EEFF and EERM, you will still need EEFF on the PC in order for device control to recognise and allow EERM protected devices, so the initial info I was given was incorrect.

                    I tried the beta and was able to copy files unencrypted onto EERM protected devices all right. It seemed limited to small file sizes, but any file is unacceptable.  I guess that's why it's called a beta though.

                    Next beta is due soon, I believe; hopefully that will be resolved.