Use case: Prevent burning sensitive information to disk

Application file access protection rules can be used to block the use of CD and DVD burners for copying classified information.

Before you begin

Create a classification to identify the classified content. Use parameters that are relevant to your environment — keyword, text pattern, file information, and so forth.

Task

  1. In McAfee ePO, select MenuData ProtectionDLP Policy Manager.
  2. On the Rule Sets tab, select a current rule set or select ActionsNew Rule Set and define a rule set.
  3. On the Data Protection tab, select ActionsNew RuleApplication File Access Protection.
  4. (Optional) Enter a name in the Rule Name field (required). Select options for the State and Severity fields.
  5. On the Condition tab, in the Classification field, select the classification you created for your sensitive content.
  6. In the End-User field, select user groups (optional).
    Adding users or groups to the rule limits the rule to specific users.
  7. In the Applications field, select Media Burner Application [built-in] from the available application definitions list.
    You can create your own media burner definition by editing the built in definition. Editing a built in definition automatically creates a copy of the original definition.
  8. (Optional) On the Exceptions tab, create exceptions to the rule.
    Exception definitions can include any field that is in a condition definition. You can define multiple exceptions to use in different situations. One example is to define "privileged users" who are exempt from the rule.
  9. On the Reaction tab, set the Action to Block. Select a User Notification (optional). Click Save, then Close.
    Other options are to change the default incident reporting and prevent action when the computer is disconnected from the network.
  10. On the Policy Assignment tab, assign the rule set to a policy or policies:
    1. Select ActionsAssign a Rule Set to policies.
    2. Select the appropriate rule set from the drop-down list.
    3. Select the policy or policies to assign it to.
  11. Select ActionsApply Selected Policies. Select policies to apply to the McAfee ePO database, and click OK.