We're currently using DLP 9.2 and ePO 4.5. Below are the steps I followed.
1) Modified the default Media Burner Application Definition to include our Media Burner Application
2) Created a Removable Storage Protection Rule & Enabled It
3) Selected Media Burner Application Definition with Block, Monitor, Notify User, Request Justification and Store Evidence.
4) Assigned Removable Storage Protection Rule to appropriate User Assignment Group.
However upon logging in the rule isn't applied at all. Could process strategy have anything to do with it?
I'm also wondering if the known compatibility issue below applies. We do enforce UAC and our user assignment group only has one domain group. Unfortunately I can't disable UAC to verify this is our issue.
540126 Issue: On Windows Vista and Windows 7 with User Account Control (UAC) turned on, if a user assignment group has only one domain group, protection rules do not work when you apply a policy to a member of the assignment group or log in as any member of the domain group.
Bump! This is exactly what I am experiencing as well. Any help from the experts?
I spoke with McAfee support and found out that monitoring all files written to a device isn't possible. You have to create classification rules for certain types of files (wildcards won't work) and then do tagging based on those classification rules.
I don't know how true that is @Mullenjm. I set up a protection rule and only had it monitor explorer.exe WHen writting files to a USB Device. It recorded each file that was moved to the device.
I would also like to do the same with CD/DVD, but I haven't been able to figure out how to define the internal Windows 7 burner.
CD/DVD drives modify the data as it's being written to disk and DLP is not able to track using a Removable Storage Protection rule. DLP can track using an application file access protection rule.
No problem. Glad I could help!
I am just now getting to testing the above. THe only part I don't fully understand yet. I can't enable the rule unless I have a content cateogry or tag. I don't understand the tags and cateogries under the definitions. Can you tell me a generic overview of this or point me into the direction to read on it ?
Any help is greatly appreciated
From the Product Guide -
Tags give you a method for classifying content and reusing that classification.
Tagging rules assign tags to content from specific applications or locations. Once assigned, the tag
stays with the content as it is moved or copied, or included in or attached to other files or file types.
Content categories, known as content tags in earlier versions of McAfee DLP Endpoint software, are
another way of classifying content. Content categories are used with classification rules to classify
content and registered document groups. They can also be specified directly in most protection rules.