Hello McAfee community,
I am currently configuring our DLP 9.2 agent to be deployed for the first time and i am coming across a couple of issues while creating the removable storage rules.
We have a lock down all USB's policy due to the sensitive nature of the data we have here. Anything that requires access is done by exception.
The way i have approached it (which could be the wrong way) is to create a removable storage device definition group with everything that we wish to lock down (ie USB's). Then when we need to unlock a specific device i create a new rule, add in the definition group then using the device ID have that excluded from the rule and hey presto, USB's are locked down except for this particular device for the specific assignment group.
This works great so long as no one is added to two different rules, otherwise each rule blocks the device that is being excluded by the other and nothing works!
Is there any way around this problem?
Thanks in advance,
I am asking myself the exact same thing. Does anybody have a useful solution? Because as it is, I'm forced to do one rule: block everything except a couple of devices.
Pls check kb60861, https://kc.mcafee.com/corporate/index?page=answerlink&url=0bc97397072bd71a8a439b 60a92c8cb6bcf890c2e2ab256f322dc909333977ca2e4ac972d4517969e6fd9a0339d92cf5becc06 79fb87ef69286a3a6b49db182936b651e55e05aaf4a4700df8ebfa7b45cc188202400ee991d5a6fa 5e3d533e66&answerid=16777217&searchid=1367172210273
It looks exclusion should be covered in same rule. Different rules relation is standlone, filters are not merged.
Pls check KB77051, a two rules solution.
4. Create two User Assignment Groups:
6. Create two Device Rules: