McAfee MVISION Data Loss Prevention Monitor 2101 Release Notes

Installation information

Migration information

Migrate your policies and settings using one of these methods:

  • Use the MVISION ePO Migration tool.

    The MVISION ePO Migration extension tool migrates only policies, settings, and Active Directory configuration from McAfee® ePolicy Orchestrator® (McAfee® ePO™) on-premises server to McAfee® MVISION ePO, but the policy assignments and appliance groups in System Tree are not migrated automatically.

    Important: OpenLDAP servers are not supported with MVISION ePO, so before migrating McAfee DLP appliance policies and settings from McAfee ePO to MVISION ePO, do these changes in the McAfee ePO on-premises server:
    • Delete rules in DLP Policy Manager that refer to OpenLDAP servers and apply the change.
    • Deselect OpenLDAP servers from Policy CatalogDLP Appliance Management Users and Groups and click Save.
    Failing to make these OpenLDAP server related changes can result in policy push failures after migration.

    For more information, see Migrate McAfee DLP appliance polices and settings to MVISION ePO.

  • Back up the appliance policies and settings in McAfee ePO and restore them in MVISION ePO using the Backup & Restore feature. For more information, see Back up McAfee DLP Monitor appliance policies and settings in McAfee ePO and restore them in MVISION ePO.

    Active Directory configuration migration isn't supported with the Backup & Restore feature. For information about how to register an Active Directory server, see Set up Active Directory connectors and register your Active Directory server with MVISION ePO.

Features that have to be manually migrated:

  • Exact data match fingerprints CSV file — During migration, only the classifications and rules associated with EDM are migrated, but not the CSV packages. Re-create the CSV packages manually in MVISION ePO for matching the exact data fingerprints.
  • Manually registered documents — During migration, only the classifications and rules associated with manual registered documents are migrated, but not the packages. Upload the files and re-create the required packages manually in MVISION ePO.

Appliance software requirements

  • McAfee DLP Monitor appliance installation images:
    • For VMware vSphere virtual appliance —
    • For hardware appliance — McAfee-MS-11.6.0-3602.100.iso

For more information about the resolved issues in McAfee DLP Monitor 11.6, see McAfee Data Loss Prevention Monitor 11.6 Release Notes.

For a list of known issues in MVISION DLP, see MVISION Data Loss Prevention Known Issues.

New or changed features

This release introduces new features or improves existing features:

  • Support for MVISION DLP Monitor in MVISION ePO — You can now manage MVISION DLP Monitor appliances from MVISION ePO.
  • Support for migration — You can migrate McAfee DLP Monitor 11.6 from McAfee ePO to MVISION ePO using the MVISION ePO Migration tool.
  • Classification improvements — The built-in classifications, dictionaries, and advanced pattern definitions are enhanced to reduce false positives. Review and customize built-in classifications, dictionaries, and advanced patterns used in DLP policies to suit your protection goals.
  • Permissions and user roles — The Users & Roles feature now includes permissions to view and change DLP Appliance Management and Common Appliance Management policy settings. It also includes a role to view Appliance Management Dashboard.
  • Shared storage for evidenceMVISION DLP Monitor uses Amazon Simple Storage Service (S3) to store evidence, registered files, fingerprints, and whitelisted text. For more information, see Configure cloud storage for evidence and fingerprint files.
  • Incident management — You can manage incidents generated by MVISION DLP Monitor using Protection Workspace in MVISION ePO. Filter, search for and view incidents, and manage them by changing their properties, assigning reviewers, and downloading or emailing incident details and evidence.
  • DLP Incidents API to query events — You can use the DLP Incidents API (/api/v2/events) for external clients to query MVISION DLP incidents available in MVISION ePO. For more information, see DLP Incidents API.
  • Automatic response — You can configure MVISION ePO to automatically send emails when specific events occur. This helps you take immediate action when there is unauthorized transfer of sensitive or confidential data. You can specify which events trigger a response, and what the response is.
  • Dashboards, queries, and reports — View MVISION DLP Monitor incident and summary reports in MVISION ePO. View reports on incidents by day, rule set, severity, and type.

Updated platform, environment, or operating system support

You can get the latest information about supported platforms, environments, and operating systems from KB93790.

McAfee is working to achieve feature parity with the on-premises MVISION DLP Monitor product. The following options are not available in the 2101 release:

  • DLP Capture
  • Automatic registration of documents
  • McAfee® Threat Intelligence Exchange (TIE) integration reporting application reputation based on SHA-256 in addition to SHA-1 and MD5.
  • Controlled obfuscation with permission sets
  • Incident management features:
    • Increased limits when updating multiple incidents in the incident management workspace
    • Create a device template from an incident
    • Allow an administrator to define and use custom incident status and resolution
    • Add comments to an incident
    • Customize incident column view, and save current incident filter
    • Incident tasks
    • Incident Audit Log
  • DLP Case Management
  • DLP Operations
  • Advanced role-based access control, including dynamic permissions and access-control lists

Release version

This release of MVISION DLP Monitor is identified as version 2101, where the version identifier follows a yymm convention. For more information about using MVISION DLP Monitor, see the McAfee MVISION Data Loss Prevention Product Guide.