    Unable to exclude whitelisted applications from protection rule



      We use Host DLP 9.2 Patch 2 (ePO 4.6.6). And we want to use Removable Storage File Access Protection Rules.

      We have deployed a rule with the following conditions:

      Connected device IS "All USB with NTFS-or-FAT"

      Connected device IS NOT "Encrypted with McAfee Encryption"

      The file being accessed IS any of: " '.EXE','.COM','.TMP', etc"

      The following whitelisted applications will be excluded from this rule: "WhitelistApps".


      In the group WhitelistApps we added some applications: winword.exe, excel.exe.



      As you can see, we want to block access to TMP files because we have some reasons to consider these files dangerous.


      But if we try to save a Winword file (some.docx) directly to a USB drive, this operation is blocked by DLP.


      In "Process Monitor" (from Sysinternals Suite) we see:

      Process Name: winword.exe

      Operation: CreateFile

      Path: J:\734983746.tmp

      Result: ACCESS DENIED

      Detail: Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a


      Does anybody have any idea why the whitelisted application is not excluded from blocking?


      UPD. The problem persists on Windows 7 Ult SP1 and Windows XP Pro SP3, and with any application (not only winword.exe).




