New to DLP and am trying to get a handle on the rules and how they can be applied. I'm trying to find out if there is a way we can block access to data on systems if the client does not have a HDLP agent on it? This is how we would like to force compliance with the company policy.
Anyone know if this is possible or is this covered somewhere else and I should RTFM a little more than I currently have?
For HDLP, a agent must be installed, all actions are implemented by DLP agent.
Maybe NDLP is what you need, all its actions are based on monitoring network traffic, but it cannot blocks access to data inside a pc.
So to follow on from the above, I'm wondering if the DLP agent on the server can make a share available, where it is not shared natively via windows.
The reason for my questions is that the customer that is going to be installing HDLP has a lazy IT department and they avoid work as much as possible. The believe if it isnt broke dont touch it, so i need to break access to DLP controlled shares. They dont want to have the HDLP agent pushed automatically when a new system joins the domain, so I am trying to figure out how to block access to the DLP 'secured' data until the DLP agent is installed on the client machine.
If anyone has any ideas I'd be glad for the assistance
In my company, there are two parts of agent installation, McAfee agent and DLP agent. We use sccm to deply McAfee agent which is exported from EPO console, it will be installed automatically if sccm client detects there is no McAfee agent installed. And we use EPO to deploy DLP agent, automatically too. But you can define your way, one time at once / on schedule...
Also you can install McAfee agent from EPO, and same as deploy DLP agent you can define your way too.
There is no share for agent installation, and you can get it from above, no step needs a share.
We have all the automation setup but they may not want to use it. However the fix for our situation would be to use NAC and block access to the trusted network until compliant.