1 Reply Latest reply on Mar 1, 2017 11:47 AM by tao

    McAfee File & Folder Encryption

    azwanarif

      Hi Everyone,

       

      Currently we are evaluating Symantec File Share and found interesting information while testing in VM environment as below.

      Appreciate if someone can assist to provide information or guide related to file and folder protection which McAfee File and Removable Media Protection (FRP) have advantage compare with Symantec or other product. Thanks


      Customer Requirement:

      would like to be able to encrypt the file (office document) and be able to share it over the internet, email, Dropbox or any online solution without have to worry that the file will fall into a wrong hand.

       

      The recipient, have to install or can directly open the files with a password.

       

      Issue/Loophole:

      • Symantec loophole, user can copy/save encrypted file due to Symantec agent designed encrypted file that’s has been unlocked will stay unlocked until user logoff windows which is same concept as Disk Encryption.
      • Manual user creation/authentication is not possible at console even though server is synchronize with Active Directory.
      • AD is required for automated grouping by verified OU with requirement proper AD user assignment e.g. “Group Security” is a MUST and assigned with correct user
      • AD is required for authentication check e.g. initial user key initialization.
      • Manual grouping is possible as long user is initialize and registered at console
      • PGP policy is user based tied to “Groups” configured at console

       

      File Share Deployment:

      • Active Directory is required for automated grouping by verified OU with proper AD user assignment e.g. “Group Security” is a MUST and assigned with correct user
      • Active Directory is required for authentication check e.g. initial user key initialization.
      • Manual grouping without using AD group keys is possible, however user assigning (authenticated and registered with server) to the group is tidies and time consuming compare with Active Directory “Group Security”
      • Policy assigning is user based linked to “Groups” configured at “User”.
      • Group Key only visible at console/PGP server for authentication.
      • Designated share “File/Folder” will have to be encrypted by “one” user which will act as owner and assigned with Group key