Revision A Product Guide - McAfee


McAfee Cloud Data Protection Beta Release 21-Mar-2017

Product Guide
Revision A

McAfee Data Loss Prevention 11.0.0
For use with McAfee ePolicy Orchestrator

COPYRIGHT
2017 Intel Corporation

TRADEMARK ATTRIBUTIONS
Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence, McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Contents

Preface
  About this guide
  Audience
  Conventions
  Find product documentation

1 Product overview
  What is McAfee DLP?
  Key features
  How it works
  McAfee DLP Endpoint and McAfee Device Control — Controlling endpoint content and removable media
  How the client software works
  McAfee DLP Endpoint on the Microsoft Windows platform
  McAfee DLP Endpoint on the OS X platform
  McAfee DLP Discover — Scanning files, repositories, and databases
  Supported repositories
  Types of scans
  McAfee DLP Prevent — Protecting email and web traffic
  Protecting email traffic
  Protecting web traffic
  McAfee DLP Monitor — Analyzing network traffic
  Supported protocols
  McAfee DLP Prevent for Mobile Email — Protecting mobile email
  Interaction with other McAfee products

Deployment and installation

2 Planning your deployment
  Basic McAfee DLP implementation
  Deployment options
  McAfee DLP Endpoint or Device Control options
  McAfee DLP Discover options
  McAfee DLP Prevent options
  McAfee DLP Prevent for Mobile Email requirements
  McAfee DLP Monitor options
  Deployment scenarios
  Synchronizing McAfee DLP and McAfee Endpoint Health Check with McAfee ePO Cloud
  Deploying McAfee DLP Endpoint in Citrix environments
  Running McAfee Device Control on air-gapped computers
  Planning your DLP policy
  McAfee DLP workflow
  The McAfee DLP protection process
  Policy workflow
  Best practice McAfee DLP Discover workflow
  Shared policy components
  Default ports used by McAfee DLP
  Deployment checklist

3 Installing McAfee DLP
  Download product extensions and installation files
  Install and license the McAfee DLP extension
  Install the extension using the Software Manager
  Install the extension manually
  License McAfee DLP
  Applying backward compatibility
  Convert policies and migrate data
  Install the McAfee DLP Endpoint and Device Control client software
  Install the McAfee DLP Discover server package
  Considerations for upgrading McAfee DLP Discover
  Install or upgrade the server package using McAfee ePO
  Install or upgrade the server package manually
  Verify the installation
  Install your McAfee DLP appliance
  Install the extensions
  Configure network information
  Connect Capture port 0 to your network (McAfee DLP Monitor only)
  Install the software on a virtual appliance
  Install the software on a hardware appliance
  Run the Setup Wizard and register with McAfee ePO
  Install the McAfee DLP Prevent for Mobile Email server package
  Post-installation tasks

Configuration and use

4 Configuring system components
  Configuring McAfee DLP in the Policy Catalog
  Import or export the McAfee DLP Endpoint configuration
  Client configuration
  Support for client configuration parameters
  Configure client settings
  Configure server settings
  Protecting files with rights management
  How McAfee DLP works with rights management
  Supported RM servers
  Define a Rights Management server
  Documenting events with evidence
  Using evidence and evidence storage
  Creating evidence folders
  Configure evidence folder settings
  Controlling assignments with users and permission sets
  REST API for importing definitions and applying policies
  Create end-user definitions
  Assigning McAfee DLP permission sets
  Create a McAfee DLP permission set
  Control access to McAfee DLP appliance features
  Restrict users from viewing appliances in the System Tree
  Allow users to edit the policy
  Control access to Appliance Management features
  Working with McAfee DLP policies
  Set connection timeout settings
  Set up a cluster of McAfee DLP Prevent appliances
  Close the appliance SMTP ports
  Specify a maximum level of nesting of archived attachments
  Add additional MTAs that can deliver email
  Deliver emails using a round-robin approach
  Limiting connections to specified hosts or networks
  Enable TLS on incoming or outgoing messages
  Configure McAfee DLP Prevent to scan encrypted web traffic only
  Close the McAfee DLP Prevent appliance ICAP ports
  Enable a McAfee DLP Prevent appliance to process response requests
  Using external authentication servers
  The Common Appliance Management policy
  Edit the Email Gateway policy to work with McAfee DLP Prevent
  Integrate McAfee DLP Prevent in your web environment
  McAfee ePO features

5 Protecting removable media
  Protecting devices
  Managing devices with device classes
  Define a device class
  Obtain a GUID
  Create a device class
  Organizing devices with device templates
  Working with device templates
  Device properties
  Device control rules
  Create a removable storage device rule
  Create a plug-and-play device rule
  Create a removable storage file access device rule
  Create a fixed hard drive device rule
  Create a Citrix device rule
  Create a TrueCrypt device rule
  Removable storage file access rules

6 Classifying sensitive
  Components of the Classification module
  Using classifications
  Classifying by file destination
  Classifying by file location
  Text extraction
  How McAfee DLP Endpoint categorizes applications
  Classification definitions and criteria
  Dictionary definitions
  Advanced pattern definitions
  Classifying content with document properties or file information
  Application templates
  Manual classification
  Embedded properties
  Configure manual classification
  Registered documents
  Manual registration
  Automatic registration
  Whitelisted text
  Create and configure classifications
  Create a classification
  Create classification criteria
  Upload registered documents
  Upload files to whitelist text
  Export a classification
  Configure classification components for McAfee DLP Endpoint
  Create content fingerprinting criteria
  Use case: Application-based fingerprinting
  Assign manual classification permissions
  Use case: Manual classification
  Create classification definitions
  Create a general classification definition
  Create or import a dictionary definition
  Create an advanced pattern
  Create a URL list definition
  Use case: Integrate Titus client with third-party tags
  Use case: Integrate Boldon James Email Classifier with classification criteria

7 Protecting sensitive content
  Creating policies with rule sets
  Synchronizing rule sets with McAfee ePO Cloud
  Create rule definitions
  Create a network port range
  Create a network address range
  Create an email address list definition
  Create a network printer definition
  Defining rules to protect sensitive content
  Defining rules by reputation
  Protecting data-in-use
  Device control rules
  Discovery rules in McAfee DLP Endpoint and in McAfee DLP Discover
  Application control rules
  Whitelists
  Customizing end-user messages
  Reactions available for rule types
  Create and configure rules and rule sets
  Create a rule set
  Create a rule
  Assign rule sets to policies
  Enable, disable, or delete rules
  Back up and restore policy
  Configure rule or rule set columns
  Create a justification definition
  Create a notification definition
  Rule use cases
  Use case: Removable storage file access device rule with a whitelisted process
  Use case: Set a removable device as read-only
  Use case: Block and charge an iPhone with a plug-and-play device rule
  Use case: Prevent burning sensitive information to disk
  Use case: Block outbound messages with confidential content unless they are sent to a specified domain
  Use case: Allow a specified user group to send credit information
  Use case: Classify attachments as NEED-TO-SHARE based on their destination

8 Scanning data with McAfee DLP Endpoint
  Protecting files with discovery rules
  How discovery scanning works
  Find content with the Endpoint Discovery crawler
  Create and define a discovery rule
  Create a scheduler definition
  Set up a scan
  Use case: Restore quarantined files or email items

9 Scanning data with McAfee DLP Discover
  Choosing the scan type
  How inventory scans work
  How classification scans work
  How remediation scans work
  How registration scans work
  Scan considerations and limitations
  Repositories and credentials for scans
  Using definitions and classifications with scans
  Using rules with scans
  Configure policy for scans
  Create definitions for scans
  Create rules for remediation scans
  Configure a scan
  Configure an inventory scan
  Configure a classification scan
  Configure a remediation scan
  Configure a registration scan
  Perform scan operations
  Scan behavior
  Analyzing scanned data
  How McAfee DLP Discover uses OLAP
  Viewing scan results
  Analyze scan results
  View inventory results

Monitoring and reporting

10 Incidents and operational events
  Monitoring and reporting events
  DLP Incident Manager/DLP Operations
  How the Incident Manager works
  Working with incidents
  View incidents
  Sort and filter incidents
  Configure column views
  Configure incident filters
  View incident details
  Manage incidents
  Update a single incident
  Update multiple incidents
  Email selected events
  Manage labels
  Working with cases
  Manage cases
  Create cases
  View case information
  Assign incidents to a case
  Move or remove incidents from a case
  Update cases
  Add or remove labels to a case
  Delete cases

11 Collecting and managing data
  Edit server tasks
  Create a Purge events task
  Create an Automatic mail Notification task
  Create a Set Reviewer task
  Create an incident synchronization task with McAfee ePO Cloud
  Monitor task results
  Creating reports
  Report types
  Report options
  Predefined dashboards
  Create a data rollup server task

12 McAfee DLP appliances logging and t reporting
  McAfee DLP appliance events
  Using syslog with McAfee DLP appliances
  Monitoring system health and status
  Appliance Management dashboard
  The system health cards
  View the status of an appliance
  Download MIBs and SMI files

Maintenance and troubleshooting

13 McAfee DLP Endpoint Diagnostics
  Diagnostic Tool
  Checking the agent status
  Run the Diagnostic Tool
  Tuning policies

14 McAfee DLP appliance maintenance and troubleshooting
  Managing with the McAfee DLP appliance console
  Accessing the appliance console
  Change original network settings
  Modify speed and duplex settings for hardware appliances
  Managing hardware appliances with the RMM
  Configure the RMM
  Run the Setup Wizard using the remote KVM service
  Best practice: Securing the RMM
  Upgrading an appliance
  Apply a patch or hotfix using the internal install image
  Upgrading the appliance using a CD
  Upgrade the appliance using a USB drive
  Restart the appliance
  Reset the appliance to its factory defaults
  Log off the appliance
  McAfee DLP Prevent does not accept email
  Replace the default certificate
  Regenerate the appliance's private key
  Error messages
  Create a Minimum Escalation Report (MER)

A Glossary

Index

Preface

This guide provides the information you need to work with your McAfee product.

Contents
  About this guide
  Find product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:
  Administrators — People who implement and enforce the company's security program.
  Security officers — People who determine sensitive and confidential data, and define the corporate policy that protects the company's intellectual property.

Conventions

This guide uses these typographical conventions and icons.

  Italic: Title of a book, chapter, or topic; a new term; emphasis
  Bold: Text that is emphasized
  Monospace: Commands and other text that the user types; a code sample; a displayed message
  Narrow Bold: Words from the product interface like options, menus, buttons, and dialog boxes
  Hypertext blue: A link to a topic or to an external website
  Note: Extra information to emphasize a point, remind the reader of something, or provide an alternative method
  Tip: Best practice information
  Caution: Important advice to protect your computer system, software installation, network, business, or data
  Warning: Critical advice to prevent bodily harm when using a hardware product

Find product documentation

On the ServicePortal, you can find information about a released product, including product documentation, technical articles, and more.

Task
  1 Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.
  2 In the Knowledge Base pane under Content Source, click Product Documentation.
  3 Select a product and version, then click Search to display a list of documents.

1 Product overview

Data loss occurs when confidential or private information leaves the enterprise as a result of unauthorized communication through channels such as applications, physical devices, or network protocols.

McAfee Data Loss Prevention (McAfee DLP) identifies and protects data within your network. McAfee DLP helps you understand the types of data
