McAfee DLP Monitor Settings Set the rule type that McAfee DLP Monitor uses to inspect SMTP, HTTP, or FTP traffic and create rules to analyze certain types of traffic. Table 1: Option definitions Option Definition Protocol Rule Application If you don't want to analyze SMTP, HTTP, or FTP traffic with email and web protection rules, you can deselect the corresponding checkboxes. Analyze SMTP traffic applying Email Protection Rules — Evaluates protocol attributes and applies Email Protection rules when analyzing SMTP traffic. Analyze HTTP traffic applying Web Protection Rules — Evaluates protocol attributes and applies Web Protection rules when analyzing HTTP traffic. Analyze FTP traffic applying Web Protection Rules — Evaluates protocol attributes and applies Web Protection rules when analyzing FTP traffic. Traffic Rules The list of rules are evaluated in order. When the traffic matches the rule criteria, all subsequent rules in the list are ignored. Rule name — The name you gave the rule. Rule — The network attributes to evaluate against the traffic. Scan Traffic? — Deselect this option to stop McAfee DLP Monitor analyzing traffic that matches the rule. The default rule analyzes all traffic by default. It cannot be deleted. It always stays at the bottom of the list and is used if no other rule in the list matches. Click + to add new traffic filtering rules in the Add - Define Rule dialog box. The Match and Value options change depending on the attribute you select: Criteria — Click + to specify the network attributes that you want the rule to contain. Attribute — Select the type of network attribute that you want to add to the rule criteria. Important: The source and destination attributes relate to the flow of data, not the network connection. Match — Select the type of comparison for that criteria. Value — Type or select the value of the criteria. Update — Adds the criteria to the rule. You can add several criteria to a rule, but you can only add an attribute once to each rule.