Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1190 Views 2 Replies Latest reply: Feb 6, 2013 6:05 PM by ckhuat RSS
ckhuat Newcomer 21 posts since
Feb 6, 2013
Currently Being Moderated

Feb 6, 2013 3:16 PM

DLP 9.2 & Computer assignment groups policy

I tried to use Computer assignmnet goups policy, but it didn't work.  Can someone help me with this?  Do you need to set any thing on DLP server or DLP Policy beside assigning policies to a particular group?  Thanks.

  • alexn Veteran 722 posts since
    Aug 9, 2012
    Currently Being Moderated
    1. Feb 6, 2013 3:35 PM (in response to ckhuat)
    Re: DLP 9.2 & Computer assignment groups policy

    This is an example to creat a policy and apply on a group:

     

     

    In the Menu> Data Protection>  DLP Policy widget, Device rules,

    add new removable storage device rule,

    call it "monitor all removable storage devices", include all devices, exclude nothing,

    click nexxt, select Monitor online/offline , next. 

    ;finish. 

    Make sure the rule is Enabled (which ironically you verify by the disable button being available near the top),

    and press Apply near the upper left to crap the policy out to the ePO. 

     

    Then, in ePO, in your system tree,  under the sub group you wanna test this on,    go to policies,  DLP policies,  ... Duplicate the default Data Loss Prevention Computer Assignment group policy to a new DLP policy that adds the name "policies activated" to it (e.g name the copy McAfee Default Computers Assignment Group (policies activated)  ) , edit settings on this new policy, checkmark "logged in user" and "local user"  for the rule "monitor all removable storage devices." (assuming you took my naming advice in paragraph 2).     Click save,   do a wake up agents on the hosts that are in the system tree under where you added this policy.    Plug in some usb cruft into one of the hosts that's in this test subgroup where you've created this policy.  Do another wake up agents on those hosts to compel the epo agent on the clients to push the dlp agent events up to epo, then in ePO Menu> Data Protection>  DLP Monitor, wait a few minutes, refresh, and hope to see some  "plug" events.   

     

    If you access ePO with a web browser on a machine that's not the ePO server, if Menu> Dataprotection> DLP Monitor doesn't come up for you and gives you WCF errors and the like,  check the  (Menu>data protection> DLP Monitor> Tools> Options>  WCF service path) and be sure the URL is  pointing to ePO's hostname rather than local host.


    Post Timings: 6.00 AM to 3.00PM PDT

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points