1) As I understand there is possibility to collect all emails with their contents and attachments and store them as evidence, is this possible only with outlook (and other email clients) or will this also work with webmail? (exchange or zimbra for example).
Yes - HDLP can store evidences for outlook, lotus (e-mail protection) and web mails like gmail, yahoo, OWA etc (web protection)
2) Can I store history of where users are browsing? Just a list of URL's per User.
No - You need a proxy or web/URL gateway - Check out McAfee Web Gateway. I think if you have McAfee Network DLP, that might help to some extent in storing web traffic
3) Can I store files as evidence sent via instant messengers like Skype and store messengers chat history as evidence?
Storing evidence - Yes, chat history - No. Again Network DLP or McAfee Web Gateway might be of help
4) Am I not mistaking that DLP can store screenshots taken by users as evidence, can it also take periodic snapshots of users desktops?
No. It doesn't do any type of backup or snapshot of the end-point.
5) Can all of the above evidences be stored on client computers or only on server? (for the purpose of saving network traffic).
Server or NAS or SAN. When the endpoint is offline, all the evidence get stored locally encrypted and those goes to evidence storage when machine goes online in network.
Let me know if you have any other questions/queries/concerns related to HDLP.
Thank you for answers, I have additional questions.
What are pricinciple differences between HDLP and Network DLP ? Can they work together or you have to pick one?
Are the above answers true for both DLP 3.0 and DLP 9.0 ? Do I need to purchase anything to upgrade from 3.0 to 9.0?
Remark for 1) and 3):
1) It works only in IE (web post rule). For other browsers - there is another rule "Application file protection rule" that is ineficient (capture file on its opening/attaching and actualy capture other files from folder opened in dialog box).
3) Everyone says about the impossibility capture encrypted messages, but how other DLP solutions do that (for example TrendMicro do that excelent)? McAfee should take measures...
Unless the keys are available for decryption and/or the solution has analyzed the contents before encryption, no product can read encrypted files.
Defeats the purpose of encryption.
You can block/disallow file transfer through Skype using Network Communication Protection Rule.
This rule works with Tags only.