

There may be a requirement to apply a DLP Device Protection policy to endpoint machines (USB fully allowed, USB fully blocked, USB read-only, etc.) for one day, one week, or one month. Currently there is no option in DLP or the McAfee Agent to create a time-based DLP policy.

 

The same result can be achieved using system tags and a server task in ePO. The steps are:

  1. Create a tag with no criteria and apply to the machines.

  2. Create a Policy Assignment Rule – With a rule stating that machines with the newly created tag receive the required DLP policy.

  3. Create a Query – To identify the machines that have the tag applied.

  4. Create a Server task – Task to clear the tag from the machines at a specified time.

Example: Allow USB access to 5 machines for a week.

Step 1: Create a tag with no criteria and apply to the machines.

  • Created a new tag with no criteria selected, named “USB Allow – 1 week”.


  • Applied the tag to 5 machines in the System Tree.


Step 2: Create a Policy Assignment Rule – With a rule stating that machines with the newly created tag receive the required DLP policy.

  • Select Policy Assignment Rules from the ePO menu.


  • Name the Policy Assignment Rule “USB Allow – 1 Week”.


  • Assign the required policy in the rule – “McAfee Everything Allow”.


  • Set the criteria to machines with the tag “USB Allow – 1 week”.


  • The rule below enables USB access on all machines that have the tag applied.

NOTE: Policy assignment through Policy Assignment Rules takes priority over a policy applied at the System Tree node level.

  • Multiple rules can be created in Policy Assignment Rules, each with its own priority.


Step 3: Create a Query – To identify the machines that have the tag applied.

  • Create a query in Queries & Reports.

Note: The chart type should be Table; if any other type is selected, the query cannot be used in a server task.

  • In the filter, again set the criteria to machines with the tag “USB Allow – 1 Week”.


  • Once you execute the query, you will see the machines with the tag applied. In this example, 5 machines are shown in the output.

 

Step 4: Create a Server task – Task to clear the tag from the machines at a specified time.

  • Create a new Server task.


  • Name the server task “Clear Tag : Weekly”.


  • Under Actions, select Run Query as the first action and the Clear Tag option as the sub-action.


  • The purpose of this server task: machines with the tag receive the required DLP policy, and that policy should be withdrawn after 1 week. With this server task, the tag is removed automatically after 1 week.

 

The above steps can be adapted as required by changing the tag name, query name, and server task name. For example, 3 different tags can be created, such as 1 day, 1 week and 1 month, with a matching server task for each: Clear tag : 1 day – deleting the tag daily, Clear tag : 1 week – deleting the tag weekly, and Clear tag : 1 month – deleting the tag monthly.
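
The server task in Step 4 clears the tag from every machine the query returns each time it runs, so how long a machine keeps the exception depends on when it was tagged relative to the schedule. The sketch below is an added example, not part of the original post: it models a weekly task (Sunday 23:00 is an assumed schedule) over constructed hostnames and timestamps, and adds a check for tags that have outlived the intended window.

```python
from datetime import datetime, timedelta

# Constructed sample: when each machine was given the "USB Allow - 1 week" tag.
# Hostnames and timestamps are made up; ePO is not contacted.
TAGGED_AT = {
    "PC-01": datetime(2024, 3, 4, 9, 0),     # Monday morning
    "PC-02": datetime(2024, 3, 9, 17, 0),    # Saturday afternoon
    "PC-03": datetime(2024, 3, 10, 23, 30),  # Sunday, just after the task ran
}

def next_run(after, weekday, hour):
    """First weekly run of the clear-tag task strictly after `after`.
    weekday uses datetime's convention: Monday=0 ... Sunday=6."""
    run = after.replace(hour=hour, minute=0, second=0, microsecond=0)
    run += timedelta(days=(weekday - after.weekday()) % 7)
    if run <= after:
        run += timedelta(days=7)
    return run

def effective_windows(tagged_at, weekday, hour):
    """How long each machine really keeps the exception policy."""
    return {h: next_run(ts, weekday, hour) - ts for h, ts in tagged_at.items()}

def overdue(still_tagged, now, intended):
    """Hosts whose tag has outlived the intended window, e.g. because the
    server task was disabled or failed. `still_tagged` is the Step 3 query
    result joined with your own record of tagging times (an assumption)."""
    return sorted(h for h, ts in still_tagged.items() if now - ts > intended)

if __name__ == "__main__":
    for host, win in effective_windows(TAGGED_AT, weekday=6, hour=23).items():
        print(f"{host}: exception lasts {win}")
    print("overdue:", overdue(TAGGED_AT, datetime(2024, 3, 12), timedelta(days=7)))
```

A machine tagged shortly before the scheduled run keeps the exception for only a fraction of the nominal period, so tag machines right after a run if the full window matters.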


