gww, thanks for your post. I think Brad summed up the situation, but to rehash a few critical points:
1. ClickProtect is off by default. As a casual observer, I would have interpreted your original post as implying that it was turned on by default or without your knowledge, which is never the case. Each customer should weigh the pros and cons of any security technology against their specific needs. We fully expect that ClickProtect will be too invasive for some users and exactly "what the dcotor ordered" for others. The same goes for many security technologies. Encryption, for example, has clear beneifts, yet not everyone uses it.
2. ClickProtect allows for various levels of protection that can be selected on a per policy basis. Some levels are less intrusive than others.
3. This functionality has been around for years and years. It hasn't always been this advanced, but URL re-writing has been around for a long time and...
4. I'm not aware of a single instance where a URL re-write for the purposes of threat detection has resulted in a spoliation claim. The fact is that many threats now arrive in the form of a URL rather than a file attachment. Stripping file attachments has been a widely accepted practice for years and amounts to basically the same things as a URL re-write. Given the risks and losses that business see every year due to phishing attacks, I would expect this to be considered a "reasonable" measure for business to take to protect their networks from data leakage and all other manner of bad things.
Sr. Product Manager
Notice: The information contained herein is for informational purposes only and should not be deemed an offer by McAfee or create an obligation on McAfee. McAfee reserves the right to discontinue products at any time, add or subtract features or functionality, or modify its products, at its sole discretion, without notice and without incurring further obligations.
We've been using Click Protect for a while now and contrary to your statement in #4 above and I have multiple examples where CP causes spoliation. These range in severity. Some instances cause Click Protect to result in a page not able to be scanned resulting in an "ERROR VALIDATING WEB ADDRESS" message. Others result in a 404 message on the far end website. Sometimes we've seen "one time use" URLs, as used with reseting passwords, resulting in an error because the scanning of the URL invalidates any future use of the URL. I believe there needs to be some sort of tool introduced to allow users (or at least administrators) to allow Click Protect to remain in place and functioning, but when faced with a URL that has issues, to be able to "decrypt" the URL and see the original unaltered version. I think of this similar to the way a bit.ly link can be decrypted would be ideal.
FSU College of Medicine