5 Replies Latest reply on Jul 21, 2014 1:40 PM by vimalnavis

    Tagging not working when network disk is mapped

    newag

      Hello,

      I have very huge problem with my DLP. I have applied tagging rules to vulnerable data on some servers. For example FS1 which has IP address 192.168.0.1 and UNC path \\192.168.0.1\Data. Tagging rule work perfect when I access to server directly by this UNC path (cmd \\ip_address or by network neighborhood). When I mapped this path as network drive and assing for example X: drive letter, tagging rules suddenly stopping follow tagged file and don't save any logs in DLP Incident Manager. It's very annoying because in my environment all users have mapped drive from GPO and I can't secure my data using DLP tagging rules and retrieve information about files saved on removable USB media. Can anyone help me resolve this issue? 

       

      P.S. I have latest version of DLP

       

      Message was edited by: newag on 7/16/14 12:57:33 PM CEST
        • 1. Re: Tagging not working when network disk is mapped

          Can you 1. confirm that the file is tagged and 2. the file does not trigger a protection rule?

          • 2. Re: Tagging not working when network disk is mapped
            newag

            hmm can you tell me how I can check whether file is tagged or not? I think that if I add tag rule to entire server all files come from this server are tagged. And this rule works fine if I connect directly to server using network neighborhood or typing ip_address/hostname in run prompt. When path to this server is mapped as a network drive tagging rules not working. I wonder whether I have everything well configured but I think yes

            • 3. Re: Tagging not working when network disk is mapped

              I am not sure how you are determining that tagging is working if you are not sure how to check whether a file is tagged or not.

              In the Agent Configuration, under Manual tagging, use the Add option to add your ID, save and then if needed apply to ePO.

              Initiate an ASCI on the test machine, ensure that the new policy has been merged and log off and log back in.

              When you right click a file being tested (after downloading to the computer) right click and you should be able to access the tag information by clicking on Manual Tagging.

              • 4. Re: Tagging not working when network disk is mapped
                newag

                I know that I can use option manual tagging but I wouldn't use this. I would have default enable tagging on all file come from file servers. And I say again: when I access to this server through direct path \\server_name tagging working corretly and save logs about this operation. When I map this server as network drive tagging stopping store logs about this. It's looks like as DLP can't recognize files when source server is mapped as network drive instead of direct access.

                 

                 

                vimalnavis wrote:

                 

                I am not sure how you are determining that tagging is working if you are not sure how to check whether a file is tagged or not.

                I determining, that tagging working because I select entire server for tagging rule and all files come from should be tagged. I assume that DLP act properly because when I access throught UNC path logs are correctly saved in ePO as mentioned above.

                I really appreciate your help.

                • 5. Re: Tagging not working when network disk is mapped

                  You would want to reach out to McAfee Support to troubleshoot this issue.

                  I have not seen this happen in the past.

                   

                  Message was edited by: vimalnavis on 7/21/14 1:40:16 PM CDT
                  1 of 1 people found this helpful