Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
409 Views 5 Replies Latest reply: Dec 12, 2013 10:36 PM by vimalnavis RSS
DimSys Newcomer 16 posts since
Nov 25, 2009
Currently Being Moderated

Dec 12, 2013 2:11 AM

Unable to exclude whitelisted applications from protection rule

HI!

We use Host DLP 9.2 Patch 2 (ePO 4.6.6). And we want to use Removable Storage File Access Protection Rules.

We have deployed rule with following conditions:

Connected device IS "All USB with NTFS-or-FAT"

Connected device IS NOT "Encrypted with McAfee Encryption"

The file being accessed IS any of: " '.EXE','.COM','.TMP', etc"

The following whitelisted applications will be excluded from this rule: "WhitelistApps".

 

In group WhitelistApps we add some applications: winword.exe, excel.exe.

 

 

As you can see we want to block access to TMP files because we have some reasons to consider this files as dangerous.

 

But if we try save Winword file (some.docx) direct to USB-drive, this operation is blocked by DLP.

 

In "Process Monitor" (from Sysinternals Suite) we see:

Process Name: winword.exe

Operation: CreateFile

Path: J:\734983746.tmp

Result: ACCESS DENIED

Detail: Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a

 

Does anybody have any idea, why whitelisted application does not excluded from blocking?

 

UPD. The problem persist on Windows 7 Ult SP1 and Windows XP Pro SP3. And with any application (not only winword.exe).

 

Regards.

 

Message was edited by: DimSys on 12/12/13 11:55:35 AM ALMT

 

Message was edited by: DimSys on 12/12/13 2:11:17 PM ALMT

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points