Data protection rule actions

The action performed by a data protection rule is entered on the Reaction tab.

By default, the action for all data protection rules is No Action. When combined with the Report Incident option, this creates a monitoring action that can be used to fine-tune rules before applying them as blocking rules. Along with reporting, most rules allow you to store the original file that triggered the rule as evidence. Storing evidence is optional when reporting an incident.

Tip: Set the default for all rules to report incidents in DLP Settings. This prevents errors caused by accidentally failing to enter a reaction. You can change the default setting when required.

The user notification option activates the user notification pop-up on the endpoint. Select a user notification definition to activate the option.

Different actions can be applied when the computer is disconnected from the corporate network. Some rules also allow different actions when connected to the network by VPN.

The table lists the available actions other than No Action, Report Incident, User Notification, and Store original file as evidence.

Available actions for data protection rules

Data protection rule: Application File Access Protection
Reactions:
  • Block
Additional information: When the classification field is set to is any data (ALL), the block action is not allowed. Attempting to save the rule with these conditions generates an error.

Data protection rule: Clipboard Protection
Reactions:
  • Block

Data protection rule: Cloud Protection
Reactions:
  • Block
  • Request Justification
  • Apply RM Policy
  • Encrypt
Additional information: Encryption is supported on Box, Dropbox, GoogleDrive, iCloud, OneDrive personal, OneDrive for Business, and Syncplicity. Attempting to upload encrypted files to other cloud applications fails to save the file.

Data protection rule: Email Protection
Reactions:
McAfee DLP Endpoint actions:
  • Block
  • Request Justification
For McAfee DLP Prevent, the reactions are:
  • Block and return email to sender
  • Add header X-RCIS-Action
  • No Action
For McAfee DLP Monitor, the only reaction is No Action.
Additional information: Supports different actions for McAfee DLP Endpoint when the computer is disconnected from the corporate network.

Data protection rule: Mobile Device Protection
Reactions:
  • No Action
Additional information: Currently supported only for monitoring (Report Incident and Store original file as evidence).

Data protection rule: Network Communication Protection
Reactions:
  • Block
For McAfee DLP Monitor, the only reaction is No Action.
Additional information: Storing evidence is not available as an option for McAfee DLP Endpoint. McAfee DLP Endpoint supports different actions when the computer is connected to the corporate network using VPN.

Data protection rule: Network Share Protection
Reactions:
  • Request Justification
  • Encrypt
Additional information: Encryption options are McAfee® File and Removable Media Protection (FRP) and StormShield Data Security encryption software. Encrypt action is not supported on McAfee DLP Endpoint for Mac.

Data protection rule: Printer Protection
Reactions:
  • Block
  • Request Justification
Additional information: Supports different actions when the computer is connected to the corporate network using VPN.

Data protection rule: Removable Storage Protection
Reactions:
  • Block
  • Request Justification
  • Encrypt
Additional information: Encrypt action is not supported on McAfee DLP Endpoint for Mac.

Data protection rule: Screen Capture Protection
Reactions:
  • Block

Data protection rule: Web Protection
Reactions:
McAfee DLP Endpoint reactions:
  • Block
  • Request Justification
McAfee DLP Prevent reactions:
  • No Action
  • Block
For McAfee DLP Monitor, the only reaction is No Action.
Additional information: Request Justification action is not available on McAfee DLP Prevent.