3 Replies Latest reply on Mar 22, 2011 4:21 PM by SafeBoot

    EEFF and compression

      Hello,

       

      We currently making some test with EEFF and DLP.

      We have an issue when we try  to compress an encrypted file. After compression the file is not encrypted in the zip archive. The problem is that we want that the file stay encrypted all the time (user can't decrypt the file manually) for security reason.

      After some search on mcafee knowledge base we found that EEFF can't encrypt in zip file.

       

      How did you solve this problem in your company ?

       

      Thanks for your help.

        • 1. Re: EEFF and compression

          yes, this is to be expected - When the compression program reads the file, it gets transparently decrypted just as if the user was opening a word document.

           

          To prevent this, you need to make the compression tool a "bypass program" (see your EEFF Administrators Guide) - this will let the tool get access to the raw encrypted data.

           

          what was the article you found in the KC? Can you post a link to it?

          • 2. Re: EEFF and compression

            Hello,

             

            Thanks for your quick answer, the KB is KB66837

            The problem is how to define a bypass program, do you mean Blocked process in Encryption option ?

            I didn't found this option in the sever.

             

            Thanks for your help

            • 3. Re: EEFF and compression

              yeah - thats it. Unfortunately I found a footnote in the help file which brings us full circle to your issue

               

              Not sure what the technical reason is, other than that you can't compress encrypted data anyway, or it may be something due to the way they re-write the file. I guess try it and see?

               

              Process Exemptions

              With this feature, it is possible to exclude certain applications from proper access to encrypted data. Exempted processes (applications) will then always be given files in cipher text by the Endpoint Encryption for Files and Folders encryption filter driver, i.e. files will not be decrypted for the exempted applications.

              To add a process that shall be exempted, simply click the Add button and enter the name of the process to be exempted.

              To edit the name of an exempted process, click the Edit button.

              To remove an exempted process, select the process name in the list and click Remove.

              Removing or editing an exempted process requires the client to update the policy and then a reboot of the client machine in order to take effect.

               

              An ideal example is the sending of e-mail attachments where the attachment source file is encrypted on disk. By entering the e-mail client process name in the list of exempted processes, files that are encrypted on disk cannot be sent away in plaintext. The e-mail client will receive the attachment in cipher text and it will be sent in cipher text; any draft created will also have the attachment in cipher text. Obviously, the receiving party must have Endpoint Encryption for Files and Folders installed in order to read the attachment and also have access to the encryption key used.

              Other processes that may be worth to enter as exempted are Internet browser applications (e.g. iexplore.exe) and FTP applications.

              Data compression applications like WinZip® must not be set as exempted processes. If exempted, they will continuously fatally fail to perform compression operations on encrypted data.