Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
556 Views 3 Replies Latest reply: Aug 23, 2013 12:26 AM by Manish KS RSS
Hemant Koli Champion 361 posts since
Jun 27, 2011
Currently Being Moderated

Aug 14, 2013 1:44 AM

DLP system based policies

Hello Everyone.


I am using DLP & i have configured DLP policies to block USB(Mass Storage) & CD/DVD. I have applied this policy to everyone(User Based). User abc is a part of everyone.

Now if i have created a computer asignment group using policy catalog & i have unchecked all the rules & asigned to a system xyz. User abc logs in to system xyz, so the devices which were blocked by DLP policy will be accessible OR not? as we have configured the system based policy to unblock the devices for system xyz.


Thanks in Advance.

  • bshirish Newcomer 31 posts since
    Jan 19, 2012
    Currently Being Moderated
    1. Aug 14, 2013 1:58 AM (in response to Hemant Koli)
    Re: DLP system based policies

    Hello Hemant,


    As per your query only there should be no user in system base policy. you have to create one more policy to unblock the system and check that in assigned policy in system tree acording to your need that for system or for group


    hope this will help to reslove your query please post the query if you have any doubt.

  • vimalnavis McAfee SME 204 posts since
    Feb 23, 2010
    Currently Being Moderated
    2. Aug 20, 2013 11:44 AM (in response to Hemant Koli)
    Re: DLP system based policies

    The most restrictive rules will be in effect.

  • Manish KS The Place at McAfee Member 37 posts since
    Dec 25, 2012
    Currently Being Moderated
    3. Aug 23, 2013 12:26 AM (in response to Hemant Koli)
    Re: DLP system based policies

    HI Hemant,


    As you said you have user based dlp policy to block the Storage / CD DVD which is applied to everyone (all domain users), then why do you need again to apply that policy besd on system? If you want any user to not be effected by that policy you can simply exclude that username or if you are only bother about that system you can log in on that system as local user instead of domain user.  If you log in as domain user  the most restrictive rules will be in effect. as Vimal said and the storage device will get block.



More Like This

  • Retrieving data ...

Bookmarked By (0)


  • Correct Answers - 5 points
  • Helpful Answers - 3 points