3 Replies Latest reply on Sep 27, 2016 8:18 AM by SafeBoot

    FRM 5.0 with Outlook

    watarus

      Hi everyone,

       

      I use File and Remove Media Protection(FRM) 5.0 to protect the data to allow only machine on my company can view encrypted file. But when i send a encrypted file to outside use web mail or mail client(outlook), it will automatic decrypt file and send it in plain text. 

       

      I wonder why a encrypt solution to protect confidential of data will send encrypted file to plaint text??? It make no sense, so i find another way to remain file encrypted when send to outside use Block Process function although I must add the process manually on ePO policy.

       

      But I confront another issue when I attach files to Outlook, it say "Cannot find this file. Verify the path and filename are correct", the issue already mention on KB86048 on December 2015, nearly a year now but it not fix yet so it impossible to remain encrypt when send email use Outlook. I fell very disappointed.

       

      Is this hard to add function to remain the encrypted state when send file to outsite?? . Anyone has any solution about this issue?

       

      Regards,

        • 1. Re: FRM 5.0 with Outlook

          It's FRP, not FRM ;-) You'll have trouble finding content in the KC using FRM as a keyword.

           

          FRP 5.0.2 was released a week or so ago - although I can't see specific mention of this issue, you might want to check it out. AFAIK the problem you experience is not general - it doesn't happen to everyone and is not easily reproducible.

           

          https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 26000/PD26599/en_US/frp_502_release_note…

           

          As to why it happens - FRP is a file protection product. When you attach a file to an email, you're not copying a file to another location, you're instructing one application to read the data, and then that application sends the data somewhere else.

           

          Like Word opening a document - you'd expect Word to get the plaintext version of an encrypted file - so why would you expect Outlook to do something different?

           

          Regardless you can set Outlook as a bypass app, then it will see the encrypted file, not the plain text file.

           

          There are easy solutions to your problems - contact your Platinum support team, they will be able to help you out.

           

          https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 25000/PD25077/en_US/frp_430_best_practic…

           

          Finally, many companies don't allow sending of encrypted email attachments, because then those attachments can't be scanned for forbidden content. Also, many companies don't allow encrypted content to be received, for the same reason.

           

          Encrypted email is a completely different product category, requiring shared keys, PKI and other technology - though FRP provides some methods to share encrypted content, that's not what the product was really designed for - it's a data-at-rest security solution.

          • 2. Re: FRM 5.0 with Outlook
            watarus

            Hi SafeBoot,

             

            Thanks for your reply, Does the main purpose of FRP is protect the confidential data can only view by right people? If it operate like that, it very easy to send the file for everyone to read, what do you encrypt for? I want to protect the encrypted content to allow only machine on my company can view encrypted file, it very common demand for many people. Do you know if the product manager has any concern to add the remain encrypt function in near future?

             

            So you say the problem when attach file to Outlook is not common?  I use FRP 5.0.2, I only check it on one machine, I will check another machine to see whether the problem happen or not?

            • 3. Re: FRM 5.0 with Outlook

              FRP is for data at rest - it stops someone who has access to the physical file, perhaps due to admin rights, from reading the file. Though it has helpful functions, like automatically encrypting file stored in certain folders, or on removable devices, it's meant to be used by a supportive user base who understand what to protect, and when to protect it.

               

              Stopping the accidental (or deliberate) transmission of data comes under the category Data Leakage Prevention - there's a whole other suite of products designed to address that problem. Your McAfee representative can help you understand that - or you can read about them on our website:

               

              Data Protection and Security - Data Loss Prevention (DLP) | Intel Security Products

               

              Remember, attaching a file to an email and sending it is no different to printing the file and posting it - you are translating the data into another format using an application that you have given permission to access that data.

               

              If you don't want Outlook to be able to send encrypted files, just follow the instructions in the admin guide for FRP to block Outlook from decryption - then your email attachments will always be encrypted.