0 Replies Latest reply on Jun 12, 2013 1:03 AM by kmcin11

    McAfee DLP Exceptions do not work for encrypted devices

    kmcin11

      Hi,

       

      We recently added DLP to our McAfee instance to inhibit users from using external USB and FireWire devices, but have an exception policy where I add devices by either VID/PID, Device Serial Number, or Volume Number for devices which are allowed by managerial policy. All works great for cameras and any USB devices that are not encryptable, but when I add any devices which are FIPS compliant, I am not able to access these, no matter how I add them.

       

      As an example, I have a BUSlink Ciphershield USB Device with VID 0CAF and PID 2773 here, but access is denied regardless of whether I add this device through VID/PID, only VID, or Device Serial Number, Device Instance ID, or even device name.

       

      Does anyone have a suggestion as to how I can add such devices to the policy so that they are accessible for users?

       

      Any help will be greatly appreciated.

       

      K

       

      P.S.:

      Let me add that this particular device includes hardware encryption, a firewire key which plugs in to the front of the drive. There is no change in VID/PID or any other information on a machine on which DLP is not installed and where the drive is accessible.

       

       

      Message was edited by: kmcin11 on 6/11/13 7:04:19 PM CDT

       

      Message was edited by: kmcin11 on 6/12/13 1:03:39 AM CDT