1 2 Previous Next 15 Replies Latest reply on Mar 13, 2014 2:31 PM by mcafeebolscz

    EEFF not working in test ?

    mcafeebolscz

      Hi everyone.

       

       

      I am doing some test with EEFF 4.0. I'm using EPO 4.6.0. We have a domain and about 100 managed system. Most of them already have VSE, SiteAdvisor, DLP Endpoint deployed.

       

       

      We have valious information in .doc documents; some workers sent files to cloud (like OneDrive) just for working at home and we want prevent people can open that info (in home laptops or PC's), unless they use office laptop we provide them.

       

       

      For testing, i deployed EEFF 4.0 on a Windows 7 32x SP1 laptop and I modified "MyDefault" policies for :

       

       

      Grant Keys (I create a key and assign that to Grant Key policy)

      File Encryption (I associate process winword.exe and explorer.exe to ".doc" and ".docx" file extensions to be encrypted with the same key that I assign to Grant Keys)

      Folder Encryption ( I assign a Decrypt key for [Desktop] folder. Just for test.

       

       

      With Grant Keys and File Encryption i hope Mcafee EEFF could encrypt all files with extension that I associate and if one or more of them is sent, copied or transferred by any way to a non-office computer, it wouldn't be accesible because that computer haven't the key.

       

       

      Is this all ok? That is the way it should work?

       

       

      I am asking because that is what i am trying to do and it is not working. When i open a folder in office laptop, i see the files are encrypted (they have paidlock icon visible) but when i send them or copy by any vía, I can open it and view in any other computer and it don't appear encrypted.

       

       

      Is something I am doing wrong?

       

       

      Thanks in advance,

      CDR

        • 1. Re: EEFF not working in test ?

          sounds like it's working fine.

           

          remember, if you do something which reads a file, you need the key to decrypt it, but if you read a file, then output it in some other format the chances are you will loose the encryption. EEFF can only trap file writes, so creating a file, copying a file with explorer etc, that will all preserve encryption. Emailing a file, creating a DVD, uploading it to the web etc are all things you need Host DLP to protect against. 

           

          For example if you attach a file to an email - you didn't "copy" it to the recipient, you read it into an application and then converted it to a different format (MIME), so if you give outlook permission to read the file, you will lose the encryption.

           

          If you share a drive on a computer running EEFF, then there won't be any protection on that share over the network because when the file system reads the file after a network request, that's no different to you sitting in front of the machine trying to open the file - it will get decrypted if the key is in memory.

           

          computers sharing files should NOT have EEFF installed, only computers reading files.

          • 2. Re: EEFF not working in test ?
            mcafeebolscz

            Dear SafeBoot,

             

            Now I understand. It's absolutely right. But then, I think I am using a wrong product to do what I want to do. Now my question is, how can I protect certain files so they can't be accessed from other computer except office computer? Some users send files to cloud and then download it for working from home. But we don't want that files be a data loss menace.

             

            We are protecting some ways with DLP Endpoint like, prevent print-screen, prevent printing, prevent copied to Removable medias, and even prevent using clipboard; but, how can we allow they can send files to cloud (OneDrive, Dropbox, etc) for working from home, but not open or read in non-office computers or laptops from downloading from cloud, or received by e-mail?

             

            Thanks in advance.

            • 3. Re: EEFF not working in test ?
              Tushar Kotwal

              Create a firewall rule, rule type: Domain, at the top and enter the domain name like *dropbox.com. This will cause the firewall to drop any dns requests to that domain, effectively blocking it. also you can use the site advisor software  (ePO version) this software can block web sites.

              1 of 1 people found this helpful
              • 4. Re: EEFF not working in test ?
                mcafeebolscz

                User must be able to reach Dropbox and/or use it. The objective is do not download confidential documentation to a computers or laptops that do not belong organization.
                Thank you.

                • 5. Re: EEFF not working in test ?
                  eeffuser

                  HDLP and likely Network Data Loss Prevention can allow you to block files from being uploaded to Dropbox and other cloud based storage. But you say you need to allow users to use these services. The only thing I see is if the files are encrypted with EEFF, even if they can download from non office computers, they will not be able to access the data, unless of course if they have access to the EEFF keys from the non office computers. Also be advised that unless a process is explicitly blocked, it will be able to automatically decrypt the file (internet explorer, ms office, etc)

                   

                  Message was edited by: eeffuser on 3/10/14 10:12:15 PM CDT
                  • 6. Re: EEFF not working in test ?
                    mcafeebolscz

                    Dear eeffuser

                     

                    Thank you for idea. In fact, that was exactly I was trying to do with EEFF. But i have done some test with sending by email and the files arrives to non office computers without encryption. That was explained by SafeBoot just here. So, i am confused.

                     

                    If I have an encrypted ".doc" file and it is decrypted when it is posted to a webmail service (as Gmail), i think the same issue will hapen when users save that ".doc" files to Dropbox because they are uploaded and converted to other format. So, anyway, the file will arrive decrypted outside organization.

                     

                    Please, any help?  I repost SafeBoot answer here down. Thank you.

                     

                    SafeBoot escribió:

                     

                    sounds like it's working fine.

                     

                    remember, if you do something which reads a file, you need the key to decrypt it, but if you read a file, then output it in some other format the chances are you will loose the encryption. EEFF can only trap file writes, so creating a file, copying a file with explorer etc, that will all preserve encryption. Emailing a file, creating a DVD, uploading it to the web etc are all things you need Host DLP to protect against.

                     

                    For example if you attach a file to an email - you didn't "copy" it to the recipient, you read it into an application and then converted it to a different format (MIME), so if you give outlook permission to read the file, you will lose the encryption.

                     

                    If you share a drive on a computer running EEFF, then there won't be any protection on that share over the network because when the file system reads the file after a network request, that's no different to you sitting in front of the machine trying to open the file - it will get decrypted if the key is in memory.

                     

                    computers sharing files should NOT have EEFF installed, only computers reading files.

                    • 7. Re: EEFF not working in test ?
                      eeffuser

                      To test, you can try to add the web browser being used to access gmail or dropbox (for example iexplore.exe) to the excluded processes list. This should prevent decryption.

                      • 8. Re: EEFF not working in test ?
                        mcafeebolscz

                        I just try it. I send an encrypted file from Gmail using Chrome and I associate "chrome.exe" with "doc docx" files in "File Encryption"  settings but the file arrives decrypted to destination. Any ideas?

                         

                         

                         

                        eeff.jpg

                        • 9. Re: EEFF not working in test ?
                          eeffuser

                          Can you try in 'Encryption Options' instead and add the exe name to the Blocked Processes box?

                          1 2 Previous Next