Professional Documents
Culture Documents
Mcafee Data Loss Prevention 11.6.x Interface Reference Guide 11-1-2022
Mcafee Data Loss Prevention 11.6.x Interface Reference Guide 11-1-2022
x
Interface Reference Guide
Contents
DLP Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Registered servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
MS-RMS details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Seclore details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
User management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Permission Sets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
DLP policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Settings page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Quarantine page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Server Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Box page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Logging page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
SharePoint. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
General. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Classification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Classification page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Definitions: Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Datasets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
DLP Configuration
DLP Settings page
General settings page
Use this page to specify licensing and other McAfee DLP-specific settings.
Option definitions
For more information... click here Link to the McAfee DLP FAQ page.
Shared Storage Shared Storage Location Specifies the UNC path to the
evidence storage folder.
Specify this path to store:
• Evidence files
• File with classification matches
• Registered document
fingerprints.
For Automatic Registered
Document, Discover Server
copies the fingerprint to the
evidence share location defined
in Server Configuration.
DLP Server then loads the
fingerprints from all evidence
share of Discover Servers and
makes it available through REST
API.
For Manual Registered
Document, the fingerprints are
copied to all available evidence
share.
• Package containing ignored
texts
• Endpoint discovery scan
summary in CSV file format
• Exact database matches for
McAfee DLP Prevent, McAfee
DLP Monitor, and McAfee DLP
Discover
• Search results for McAfee
DLP Prevent and McAfee DLP
Monitor
For Windows only environment You can use the local system
- Use local Windows system account to copy evidence. Not
account. supported by McAfee DLP
Endpoint for Mac or McAfee DLP
Prevent.
Option definitions
Option Definition
Last Modified Displays the date and time stamp of the last changes
to the settings.
Enforce system tree permissions Specifies whether System Tree permissions are used
or ignored. System Tree permissions can be used to
filter incidents in the DLP Incident Manager and DLP
Operations consoles.
Customized Event Timezone Sets the custom time zone for DLP Incident Manager
and DLP Operations.
Customized event time zone allows administrators to
order events according to their local time zone. The
setting is the offset from UTC time.
Policy Manager Sets default rule state and default reaction in the
DLP Policy Manager.
Option Definition
Category Definition
Last Modified Displays the date and time stamp of the last changes
to the settings.
Option Definition
Last Modified Displays the date and time stamp of the last changes
to the settings.
Short Match String Configures storage of short match string data in the
McAfee ePO database as encrypted or clear text.
Option Definition
• New
• Pending
• Viewed
• Under Investigation
• Escalated
• Resolved
• False Positive
• None
• Case opened
• Resolved - HR notified
• Resolved - Manager notified
• Resolved - User notified
• Closed - Authorized
• Closed Business workflow
• Closed - False positive
• Closed - test
Option definitions
Option Definition
Last Modified Displays the date and time stamp of the last changes
to the settings.
• New
• Pending
• Viewed
• Under Investigation
• Escalated
• Resolved
• False Positive
• None
• Case opened
• Resolved - HR notified
• Resolved - Manager notified
• Resolved - User notified
• Closed - Authorized
• Closed Business workflow
• Closed - False positive
• Closed - test
Option definitions
Option Definition
Last Modified Displays the date and time stamp of the last changes
to the settings.
Automatic Email Notifications Select the checkbox to send email notifications to all
stakeholders when a case is changed. Add reviewers
or users to the stakeholder list by selecting the
appropriate checkbox.
• New
• In progress
• Escalated
• Resolved
• Closed
• Under investigation
• User notified
• Manager notified
• False positive
• Closed
Option definitions
Use this page to backup the McAfee DLP configuration or restore a configuration from a saved file.
Option definitions
Last Backup Include policy injection object Select the checkbox to save the
(OPG) (OPG applies to McAfee policy injection object (OPG) in
DLP Endpoint, McAfee DLP the backup.
Prevent, and McAfee DLP
Monitor.)
Registered servers
Use this page to identify and describe a Microsoft RMS, LDAP or Seclore IRM server that you want to register with this McAfee
ePO server.
Note
This page is applicable only to McAfee DLP Endpoint and McAfee DLP Discover.
Option definitions
Option Definition
MS-RMS details
Use this page to provide details for a Microsoft RMS server.
Note
This page is applicable only to McAfee DLP Endpoint and McAfee DLP Discover.
Option definitions
Microsoft RMS server Retrieve RMS template using Selects the server path. Select
from the drop-down list and
enter the details.
DLP enforcement settings Local path to RMS template Optional local path for storing
templates.
Seclore details
Use this page to specify the information required to connect to a Seclore IRM server.
Note
Option definitions
Seclore policy server settings FileSecure server URL Text box for entering Seclore
server URLs. You can specify as
many servers as required.
Policy Server License type office formats Specifies additional license for
(used to specify additional office formats other than
licenses) Microsoft Office and PDF (default
license).
User management
Permission Sets
Permission set options are designed to give granular control over administrator roles.
While the division of roles is generally optional, if you are using the sensitive data redaction feature, you must create separate
permission sets for the monitor viewer and the administrator who can reveal the encrypted data.
Option definitions
DLP Policy Manager Rule Sets Access Control Select Use permissions to select
rule sets for use in policies and
scans.
Incident Management Incident Access by Type Deselect rule types to limit access
to only those types selected.
DLP Settings DLP Settings Tabs Deselect tabs to limit the DLP
Settings users can access.
Use this page to set DLP Help Desk permissions for administrators.
Option definitions
Option Definition
Generate release from quarantine key Grants the selected administrator permission to
create quarantine release keys.
Generate master response key for the keys above Grants the selected administrator permission to
create master release keys.
Use this page to specify permissions for appliances using the Appliance Management extension.
Option definitions
Option Definition
Appliance Database
• No permissions — Allows you to view — but not
to create, change, or run — the Purge Obsolete
Appliance Management Data task.
• View, create and change database tasks; run
database tasks on-demand — Grants the ability to
run the Purge Obsolete Appliance Management
Data task.
You must also select the corresponding permission
in the Server tasks permission set.
Use this page to specify permissions for the common policy used by appliances managed by the Appliance Management
extension.
Option definitions
Option Definition
Option Definition
Note
After setting user permissions, you must add the relevant user to the Owner list on the Policy Catalog → Common Appliance
Management 1.0.0 page.
Restrict access to the DLP Appliance Management settings in the Policy Catalog.
Note
This page is applicable only to McAfee DLP Prevent and McAfee DLP Monitor.
Option definitions
Option Definition
Option definitions
Option Definition
End user email address * Text field for user email address.
End user computer name Text field for user computer name
Request details (Business reason) Text field for business reason for the key.
* indicates required fields. For more information, see Create override keys.
Use this page to view active rule sets, and to activate inactive rule sets.
Option definitions
Option Definition
Rule Set [name] Click a rule set name to view or edit the rule set.
Actions → Activate Rule Set Opens the Activate Rule Set dialog box. Use this
dialog box to activate or deactivate rule sets.
Actions → Choose Columns Opens the Select the Columns to Display page.
This standard McAfee ePO control page is used to
determine the Active Rule Sets page display.
Close Closes the policy page, and returns you to the Policy
Catalog page.
Note
Option definitions
Option Definition
Filters (Local File System scans only) Allows selection of defined filters (File Information
definitions).
Close Closes the policy page, and returns you to the Policy
Catalog page.
Settings page
These policy settings apply to all rules and rule sets in the policy. Use this page to set default Application Strategy, Device Class
overrides, and Privileged Users.
Option Definition
Application Strategy for Unknown Applications Sets the default strategy for applications not defined
in the McAfee DLP database. Default: Editor.
Option Definition
Override Device Class Settings (Windows only) Selects device classes for temporary override of
Status or Filter Type.
Option Definition
Option Definition
Close Closes the policy page, and returns you to the Policy
Catalog page.
The Policy Validation page lists errors in the policy, such as backward compatibility errors, and allows you to correct them.
Option definitions
Option Definition
Actions Click Edit to open the rule and view the error.
Apply policy Applies the policy to the McAfee ePO database. The
button is grayed out as long as errors appear on the
page.
Close Closes the policy page, and returns you to the Policy
Catalog page.
Use this page for configuring access protection and other settings for the McAfee DLP Endpoint for Windows client.
You can access the Advanced Configuration page from Menu → Policy → Policy Catalog → Data Loss Prevention <version> →
Windows → edit a policy → Settings → Advanced Configuration.
Option definitions
Endpoint Settings Delay the start of DLP client Time interval between logging on
and client up. In rare cases, the
endpoint software needs more
time to load. Reset this default
as recommended by Support.
Changing this setting requires an
endpoint restart. Default: Run
immediately
Access Protection Settings DLP access protection When enabled, activates the DLP
data access protection features.
Default: Enabled in both Device
Control and full McAfee DLP
Endpoint.
Agent Bypass Stop agent bypass immediately When selected, stops the
when a new client configuration agent bypass when the
is loaded by McAfee DLP client configuration is updated.
Endpoint client. Default: Deselected (bypass
continues to timeout)
Use this page to edit the clipboard whitelisted applications list, and to enable or disable the Microsoft Office clipboard.
Option definitions
Option definitions
Text Extractor Use the following fallback ANSI Allows the administrator to
code page select the fallback character set.
The text extractor uses this
character set to read input
files when there is a problem
identifying the correct code
page. The default is to use
the endpoint computer operating
system native language.
Maximum input file size to scan The maximum file size the text
(MB) extractor can handle. Default: 20
Maximum output file size (MB) The maximum file size the text
extractor generates to be used by
the McAfee DLP Endpoint client.
Default: 10
Content fingerprinting for Preserve content fingerprints in When selected, restores content
Outlook attachments when sending or fingerprints of email attachments
receiving an email if the recipient has McAfee DLP
Outlook add-in installed.
Option definitions
Corporate Network Detection Detect if McAfee DLP Endpoint is Radio buttons to choose
Corporate VPN Detection inside the corporate network: connectivity test:
• By testing connectivity to
McAfee ePO
• By testing connectivity to
defined servers
Use this page to set logging and automatic memory dump parameters.
Option definitions
Automatic memory dump Process to create memory dump Specifies the McAfee DLP
Endpoint process or processes to
create a dump.
Log DLP events to external HTTP Send DLP events to HTTP server Enables/Disables sending events
server to an external server. Use the
text box enter the path.
Syslog Server Settings Send DLP events to Syslog Drop-down list to enable or
server disable the Syslog connection.
Option definitions
Option Definition
iPhone Protection Mode (Plug and Play) Sets the charging option when the device is blocked.
Default: Block and do not allow to charge.
Device Control Settings (Plug and Play) Enables or disables enforcing the policy immediately.
When disabled, policies are only enforced when the
McAfee DLP Endpoint client is restarted, or when
the device is physically or logically enabled/disabled.
Default: Enabled.
Use this page to set scan performance limitations for endpoint discovery.
Option definitions
Email storage discovery Add the following prefix to Defines the quarantined email
(Windows only) the subject of emails that DLP file prefix.
quarantines
Use this page to set McAfee DLP Endpoint parameters for email processing.
Option definitions
Option Definition
Email Handling API Selects the API used to add functionality to outgoing
mail. Select between:
• MAPI
• Outlook object model
Outlook 3rd party add-in integration Sets integration with either Titus or Boldon James
email classification software.
Outlook Background Processing (Only for McAfee Enable background processing of emails to reduce
DLP Endpoint 11.6 or later) user impact when sending emails using Microsoft
Outlook.
Set the maximum amount of time allowed to analyze
the emails.
Email Timeout Strategy (Applicable for McAfee DLP Sets maximum time to analyze an email and the
Endpoint lower than 11.6 when Outlook Background action if the time is exceeded.
Processing is enabled.)
Option Definition
Outgoing Email User Notification (Applicable for Sets the user notification message and when it is
McAfee DLP Endpoint lower than 11.6 when Outlook displayed.
Background Processing is enabled.)
Use this page to configure the client Shared Storage and Evidence for McAfee DLP Endpoint for Windows.
Option definitions
Shared Storage Shared Storage Location The UNC path to the location
on the server where evidence is
saved. To collect evidence, specify
a folder for evidence collection
in this text box. You can specify
these paths:
Specify this path to store:
• Evidence files
• File with classification matches
• Registered document
fingerprints
For Manual Registered
Document, the fingerprints are
copied to all available evidence
share
• Package containing ignored
texts
• Endpoint discovery scan
summary in CSV file format
Use local Windows system You can use the local system
account account to copy evidence. Not
supported by McAfee DLP
Endpoint for Mac or McAfee DLP
Prevent.
Copy files using the following When selected, uses the specified
credentials user and password to copy
evidence. Fill in the User
Name, Password, and Confirm
Password text boxes to specify a
user.
Free space on hard drive must The minimum free space on the
be greater than (MB) managed computer including the
evidence storage space. Default:
250
Incident Information Report short match string in When selected, displays the short
incident details match string on the Evidence tab
of the incident details page.
Use this page to select between McAfee Device Control and full McAfee DLP Endpoint, and to activate modules.
Option definitions
Operational Mode Device control and full content Standard setting for full McAfee
protection DLP Endpoint. When selected,
supports all data protection,
Note: Changes in this
device control, and discovery
category require a McAfee
DLP Endpoint client restart rules, as well as manual tagging.
Data Protection Modules Select modules to activate them. We recommend deselecting modules
that you do not use to improve speed and efficiency.
Option definitions
Quarantine page
Option definitions
Option definitions
Timeout Strategy File analysis maximum time Select a time from the drop-down
menu. (Range: 10 sec-30 min)
Option definitions
Option Definition
Option Definition
Windows Explorer Preview Pane When selected, disables Windows Explorer preview
pane functionality. Default: Enabled
Use this page to set the appearance of the McAfee DLP Endpoint client display on end-user computers.
Option definitions
Client User Interface (option checkboxes) Selects the options for the client
user interface display.
Link URL
Release code lockout policy Maximum number of incorrect Use the scroll wheel to select
attempts number of attempts. Range: 1–25
(in five steps)
Client Banner Image Browse Text box for locating the image to
be used as the banner.
Option Definition
Web protection evaluation Select inputs for web request evaluation when
matching web protection rules. These settings allow
blocking requests sent by A JAX to a different URL
from the one displayed in the address bar. At least
one option must be selected.
Process HTTP Get requests When enabled, enforces web protection rules on GET
commands. Typically, web protection rules apply to
HTTP POST and PUT commands. The GET function is
resource-intensive, and should be used with caution.
Default: Disabled
Supported Chrome versions Browse field to update Google Chrome to the latest
installed version. The XML file listing supported
versions can be obtained from McAfee Support.
Web Timeout Strategy Sets maximum time to analyze a web post and the
action if the time is exceeded.
Note
The whitelisted URL list is a common item used by all client configurations. Editing it in one client configuration thus affects
all other client configurations in the system. After backup and restore client configurations are not applied automatically, and
must be applied manually.
Option definitions
Option Definition
Quick find Text box for searching when there is a long list. You
can search on the host, path, or description fields.
Apply Searches for the text in the text box and displays the
matching whitelists.
Option Definition
Option definitions
Save and New (Add only) Saves the definition and opens a
new Add window.
Note: Supported wildcards are: * matches multiple characters; ? matches a single character.
Use this page for configuring agent bypass for the McAfee DLP Endpoint for Mac client.
Option definitions
Agent Bypass Stop agent bypass immediately When selected, stops the
when a new client configuration agent bypass when the
is loaded by McAfee DLP client configuration is updated.
endpoint client Default: Deselected (bypass
continues to timeout)
Access Protection Settings DLP access protection When enabled, activates the DLP
data access protection features.
Default: Enabled
Use this page to set text extractor options forMcAfee DLP Endpoint for Mac.
Option definitions
Text Extractor Use the following fallback ANSI Allows the administrator to select
code page the fallback character set. The
text extractor uses this character
set to read input files when
there is a problem identifying the
correct code page. The default is
to use the endpoint computer OS
native language.
Maximum input file size to scan The maximum file size the text
(MB) extractor can handle. Default: 20
Maximum output file size (MB) The maximum file size the text
extractor generates to be used by
the McAfee DLP Endpoint client.
Default: 10
Option definitions
Corporate Network Detection Detect if McAfee DLP Endpoint is Radio buttons to choose
Corporate VPN Detection inside the corporate network: connectivity test:
• By testing connectivity to
McAfee ePO
• By testing connectivity to
defined servers
Use this page to set logging and automatic memory dump parameters forMcAfee DLP Endpoint for Mac.
Option definitions
Use this page to set scan performance limitations for McAfee DLP Endpoint for Mac discovery.
Option definitions
Use this page to configure the client Shared Storage and Evidence for McAfee DLP Endpoint for Mac.
Option definitions
Shared Storage Storage Share Location The UNC path for the location
on the server where evidence is
saved. To collect evidence, specify
a folder for evidence collection in
this text box. Specify this path to
store:
• Evidence files
• File with classification matches
• Endpoint discovery scan
summary in CSV file format
Copy files using the following Uses the specified user and
credentials password to copy evidence. Fill in
the User Name, Password, and
Confirm Password text boxes to
specify a user.
Free space on hard drive must The minimum free space on the
be greater than (MB) managed computer including the
evidence storage space. Default:
250
Incident Information Report short match string in When selected, displays the short
incident details match string on the Evidence tab
of the incident details page.
Use this page to select between McAfee Device Control and full McAfee DLP Endpoint, and to activate modules.
Option definitions
Operational Mode Device control and full content Standard setting for full McAfee
protection DLP Endpoint. When selected,
supports all data protection,
device control, and discovery
rules, as well as manual tagging.
Use this page to set the removable storage deletion mode for McAfee DLP Endpoint for Mac.
Option definitions
Option Definition
Use this page to set the appearance of the McAfee DLP Endpoint for Mac client display on end-user computers.
Option definitions
Client User Interface Selects the options for the client user interface display.
Release code lockout policy Maximum number of incorrect Use the scroll wheel to select
attempts number of attempts. Range: 1–25
(in five steps)
Server Configuration
Box page
Note
Option definitions
Option Definition
Use trash when deleting files If selected and Box does not use the recycle bin, any
Move actions taken on files will fail and will default
to Copy. The default setting in Box is to enable the
recycle bin.
Keep version history when encrypting files When selected, the RMS policy encrypts and uploads
a file as a new version of the unencrypted file. In this
case, you can revert back to the unencrypted version
of the file.
When deselected, the encrypted file replaces the
existing file.
Use this page to configure the server Shared Storage and Evidence by selecting the Enforce on field.
Option definitions
• Evidence files
Copy files using local system When selected, uses the system
account account to copy files. McAfee DLP
Discover only.
Copy files using the following When selected, uses the specified
credentials user and password to copy
evidence. Fill in the User
Name, Password, and Confirm
Evidence Storage HTTP Service Enable Evidence Storage HTTP When selected:
service
• Allows DLP Server to act as
a HTTP proxy for McAfee
DLP Prevent and McAfee DLP
Monitor when storing evidence
files to the storage share.
• DLP Server stores the evidence
files on behalf of McAfee
DLP Prevent and McAfee DLP
Monitor on the configured
Storage Share (UNC).
Logging page
Use this page to set the logs and automatic memory dump.
Option definitions
Automatic Memory Dump Process to create memory dump Options to select on which
McAfee DLP Discover process to
run an Automatic Memory Dump
to store contents of memory, for
analyzing system issues.
Note
Option definitions
Option Definition
Registered Documents package distribution This cell is a read-only copy of the Storage Share
(McAfee Network DLP) (UNC) on the Evidence Copy Service page.
Registered Documents Content matching service Select a radio button to enable or disable registered
(McAfee DLP Discover and McAfee Network DLP) documents. If you enable the registered documents
feature, enter the path to the DLP Server for
fingerprint matching. Click Test Connectivity to
verify the path.
Registered Documents package loading (DLP Read-only section. Lists all server configuration
Server) policies, with the evidence storage UNC and
credentials.
Option definitions
Option Definition
Domain Text box for entering the domain name of the RMS
server.
SharePoint
Note
Option definitions
Option Definition
This page can be accessed from Policy Catalog → Data Loss Prevention<version> → Server Configuration.
Option definitions
Text Extractor (Applicable only Use the following fallback ANSI Allows the administrator to select
for McAfee DLP Discover) code page the fallback character set. The
text extractor uses this character
set to read input files when
there is a problem identifying the
correct code page. The default
is to use the native language of
the endpoint computer operating
system.
Maximum input file size to scan The maximum file size the text
(MB) extractor can handle. Default: 50
Maximum output file size (MB) The maximum file size the text
extractor generates to be used by
McAfee DLP Discover. Default: 50
Optical Character Recognition Use OCR to extract text from When selected, enables OCR in
(OCR) (Applicable for McAfee DLP images and scanned PDF files classification and remediation
Discover, McAfee DLP Prevent, scans of file repositories.
and McAfee DLP Monitor) To use OCR, you must install the
Note: The OCR feature
OCR package on the McAfee DLP
is supported in McAfee DLP
Discover 11.1.100 and later Discover server. See KB91046 for
and in McAfee DLP appliances more information.
11.4.0 and later. The OCR package is pre-loaded
in McAfee DLP Prevent and
McAfee DLP Monitor appliances,
but is unavailable unless the
appropriate license key is
installed.
Apply timeout and load balancing settings to McAfee DLP appliances. This category is available from Policy Catalog → DLP
Appliance Management<version> → General.
Option definitions
Option Definition
Load balancing
• Enable — Allow the appliance to be part of a
cluster.
• Cluster Id — Add an identifier for the cluster. The
identifier must be from 1 — 254.
• Virtual IP — If load balancing is enabled, add a
virtual IP address for all appliances in the cluster to
listen to.
Option Definition
Analysis Settings
• Maximum analysis time — The maximum time,
in minutes, that McAfee DLP Prevent attempts to
analyze an email or a web message. For McAfee
DLP Monitor, this is the maximum time in minutes
taken to analyze any network payload.
The maximum analysis time you can set is 999
minutes.
• Maximum nesting depth — The maximum depth
of .zip file attachments that McAfee DLP Prevent or
McAfee DLP Monitor analyzes.
The maximum nesting depth you can set is 100.
• Maximum file size — The maximum file size, in
megabytes, of expanded attachments that McAfee
DLP Prevent or McAfee DLP Monitor analyzes.
The maximum file size you can set for analysis is
2047 MB.
HTTP Proxy
• Enable — Allow cloud lookup functions with a
proxy.
• Hostname — If HTTP proxy is enabled, add an IPv4
or host name for the proxy.
• Port — If HTTP proxy is enabled, specify the port to
be used. Default: 80
Option Definition
• 22 (SSH)
• 161 (SNMP)
• 10443 (Local UI)
You can add or remove management ports as
needed.
McAfee DLP Server for Evidence Copy If your McAfee DLP appliance is in a demilitarized
zone (DMZ) with no network access to the evidence
file share, you can provide the host name or IP
address of a DLP Server.
The appliance then sends the evidence files to the
configured DLP Server, which in turn copies the
evidence files onto the evidence file share.
Option Definition
McAfee DLP Server for Registered Documents Connects the McAfee DLP appliance and a McAfee
DLP Discover server installed in the DLP Server role.
Enable the DLP Capture feature and store captured items that can be searched later or used to tune rules and classifications..
Option definitions
Option Definition
Delete captured items older than (days) When selected, enables the delete function. Select
the number of days with the thumbwheel.
Default setting: selected Range:1 -365, default 28
Set the rule type that McAfee DLP Monitor uses to inspect SMTP, HTTP, or FTP traffic and create rules to analyze certain types of
traffic.
Option definitions
Option Definition
Protocol Rule Application If you don't want to analyze SMTP, HTTP, or FTP
traffic with email and web protection rules, you can
deselect the corresponding checkboxes.
Traffic Rules The list of rules are evaluated in order. When the
traffic matches the rule criteria, all subsequent rules
in the list are ignored.
Option Definition
Disable SMTP scanning, add permitted hosts and more MTAs, bypass scanning emails sent from the specified email addresses,
and specify Transport Layer Security (TLS) settings.
Tip
To stop the appliance being an open relay, specify permitted hosts that can receive email. At times of heavy email traffic,
having more than one Smart Host can help to distribute the load.
In McAfee ePO, open the Policy Catalog. Select the DLP Appliance Management product, choose the McAfee DLP Prevent Email
Settings category, and open the policy you want to edit.
Option definitions
Option Definition
SMTP
• Enable SMTP — Enabled by default. Allows SMTP
communication over port 25. You can disable this
Option Definition
Connection Settings
• Onward connection — The maximum time, in
seconds, that McAfee DLP Prevent waits to
establish a connection with an MTA.
• Onward delivery — The maximum time, in
seconds, that McAfee DLP Prevent waits for the
final dot to be acknowledged when it delivers an
email message.
• Between SMTP commands — The maximum
time, in seconds, that McAfee DLP Prevent waits
between two SMTP commands.
Bounce Messages Sender Specify the sender email address for a bounced
email message.
Smart Hosts
• Round-robin — McAfee DLP Prevent delivers
messages to the list of MTAs using a round-robin
approach.
• Host — Add details of the MTAs that you want
to use to deliver messages. McAfee DLP Prevent
attempts to deliver the messages to the MTAs from
the top to the bottom of the list. Use the arrows to
set the priority.
Permitted Hosts
• Accept mail from any host — McAfee DLP Prevent
accepts messages from any computer.
• Accept mail from these hosts only — When
selected, you can type the details of permitted
hosts that McAfee DLP Prevent can receive
messages from. Enter the details of the host
Option Definition
• Outbound communication
Always — Always use TLS to send messages.
If the Smart Host is not configured with TLS,
McAfee DLP Prevent sends a 550 (Denied
by policy. TLS conversation required) error
message.
Never — Connections to the Smart Host never
use TLS encryption.
Option Definition
Disable ICAP scanning, and manage the types of requests that you want the appliance to handle.
Option definitions
Option Definition
Option Definition
Permitted Hosts
• Accept request from any host — McAfee DLP
Prevent accepts requests from any computer.
• Accept request from these hosts only — When
selected, you can type the details of permitted
hosts that McAfee DLP Prevent can receive
requests from. Enter the details of the host using
its IP address with subnet, domain name, or
wildcard domain name.
Select the registered LDAP servers that you want to push group information to McAfee DLP appliances, and add details of
McAfee Logon Collector servers.
Option definitions
Option Definition
LDAP Servers
• Server Name — Registered LDAP server
• Server IP/Domain — The IP address or domain
name of a registered LDAP server that you want
to use.
Use the Registered Servers page to connect LDAP
servers with McAfee ePO.
• Initiate daily synchronization at — Use this field to
set the time when the daily synchronization of the
appliance with the LDAP servers must happen.
The default is 3.00 a.m.
Option Definition
Classification
Classification page
The Classification page contains a list of existing content classifications and classification groups. Use this page to add new
content classifications and groups, or to edit or delete existing content classification and groups.
The default page for the classification feature includes tabs for Manual Classification, Register Documents, Whitelisted
Text, Definitions and Classification Tester. Create new classifications before going to the Manual Classification or Register
Documents tab to define user groups with permission to classify manually. Definitions can be defined in advance, or when
defining a new classification.
Note
Register Documents and Whitelisted Text are only supported on McAfee DLP Endpoint for Windows.
Option definitions
Actions definitions
Content Classification Classification Usage Displays a list of all rules that use
the selected classification.
Classification Group New Classification Group Opens a window where you can
enter a group name and group
description. The classification
group is added to the left pane of
the classification page when you
complete creating it.
Option definitions
Option Definition
Option Definition
Note
Every selected property must have a value assigned to it. To save the definition, deselect any properties that do not have
values assigned.
Option definitions
Option Definition
Criteria Name Enter a unique name for the criteria definition. This
field is required.
Option Definition
Note
Every selected property must have an assigned value. To save the definition, deselect any properties that do not have
assigned values.
Use this page to define and add box content fingerprinting criteria.
Note
This page is applicable only to McAfee DLP Endpoint and McAfee DLP Discover.
Option definitions
Option Definition
Criteria Name Enter a unique name for the criteria definition. This
field is required.
Box Account Names Account can be any file or a specified Box account. If
you select Files located in one of the following Box
Accounts, use Actions to add accounts.
Option Definition
Use this page to define and add location content fingerprinting criteria.
Option definitions
Option Definition
Criteria Name Enter a unique name for the criteria definition. This
field is required.
Network shares (UNC) Specifies a network share for the location tagging.
Option Definition
Note
Every selected property must have an assigned value. To save the definition, deselect any properties that do not have
assigned values.
Use this page to define and add SharePoint content fingerprinting criteria.
Note
This page is applicable only to McAfee DLP Endpoint and McAfee DLP Discover.
Option definitions
Option Definition
Criteria Name Enter a unique name for the criteria definition. This
field is required.
Option Definition
Web Address (URL) Specifies a web address. This field is required. Click
Use this page to define and add web application content fingerprinting criteria.
Note
This page is applicable only to McAfee DLP Endpoint and McAfee DLP Discover.
Option definitions
Option Definition
Criteria Name Enter a unique name for the criteria definition. This
field is required.
Option Definition
Web Address (URL) Specifies a web address. This field is required. Click
Option definitions
Option Definition
Show selected items only When selected, limits the display to selected items.
Option Definition
Include Built-in items When selected, displays items from the McAfee
default catalog.
Count multiple occurences of each match string. Used with Advanced Pattern and Dictionary
properties only. Controls the way the property is
Option definitions
Option Definition
Proximity Between, and Selects the two values to specify proximity for. The
values can be a dictionary, an advanced pattern, or
a keyword. You can add multiple keywords separated
by comma (,).
Match Count Specifies how many times the values must appear in
proximity to each other to trigger the classification
criteria.
Use this page to select where to look for classification criteria in a document.
Option definitions
Option Definition
within first (characters) Specifying the number of characters for the within
first (characters) option in a classification looks for
the sensitive content in the header, that is, in the
first part of the first page in a document.
Option definitions
Option Definition
Exact Data Fingerprints Records Opens a window with a list of exact data fingerprints
to select from.
Single record match criteria Contains two text fields to specify the match criteria:
The first field specifies the number of cell values to
match. The second specifies the proximity.
After you have created classification definitions on the Classification tab, you can specify user groups that are allowed to set or
remove these classifications from files manually.
Option definitions
Option Definition
Additional Actions (Group by classifications) Checkboxes for Manual classification and Content
fingerprinting. The default is manual classification
only, but you can select both or change the setting to
content fingerprinting only.
Option Definition
Actions → Allow everyone When you group by classifications, use this option to
allow all users to set manual tags.
Actions → Select End-User Groups When you group by classifications, use this option to
add new user groups to a classification.
Actions → Select Classifications When you group by user groups, use this option to
add new classifications to a user group.
The Register Documents tab of the Classification module displays a list of files that have been registered, and the classification
applied.
Tip
Option definitions
The Whitelisted Text tab of the Classification module displays a list of whitelisted files and statistics on size, number of
signatures, and so forth.
Tip
Option definitions
Option Definition
File Upload (Actions → File Upload ) Opens a File Upload window where you can select
files and assign classifications.
Create Package (Actions → Create Package ) Adds the files to the McAfee ePO database to be
distributed to the McAfee DLP Endpoint clients.
Definitions: Data
Advanced Pattern definition page
An advanced pattern consists of an expression to be tested and an optional false positive expression. You can add multiple
expressions to a single definition to create a "Text Pattern Group".
Option definitions
Option definitions
Option definitions
Comments
Company
Keywords (Tags)
Last Saved By
Manager Name
Security
Subject
Template
Title
Option definitions
Option Definition
Name A generic name for the files, for example Audio files.
Option definitions
Available Properties Date Accessed (UTC) Click the arrow to the right of
the property name (or double-
Use this page to view True File Type definitions and usage. True File Type definitions identify files even if the suffix has been
changed in an attempt to hide the content. This page has no user-definable definitions.
Definitions: Source/Destination
Application Template page
This page contains a list of existing application definitions. Use this page to edit or create an application definition, or view a list
of rules that use a specific application definition.
Note
Option definitions
Option Definition
Option definitions
Option Definition
Add Users Opens the Active Directory search page for users.
Add Groups Opens the Active Directory search page for groups.
Option definitions
Option Definition
Network Shared Folders Shared folder in UNC format. The server name can
be either a host name or IP address. Use Include
and Exclude to create granular definitions.
Option definitions
Option definitions
Classifications List Select classifications for testing. Lists all your classifications,
including built-in and customized.
Use the search box to search for
classifications from the list.
Use the expand button to view
the classifications in groups and
select classifications by clicking
the checkboxes.
Test Data Select a file, or enter text to test Options for adding text.
your classifications.
• Browse — When option is
selected, the browse button is
enabled, and you can browse
your network to upload a file.
Maximum file size for upload is
50 MB.
• Plain Text — When option is
selected, you can enter text
manually.
Run test.
• Time-out test after — Use the
menu to select the amount
of time the classification tester
attempts to provide results.
• Start Test — Starts testing the
selected classifications and text.
DLP Capture
Search List
The DLP Capture Search List manages the searches and their settings.
Option definitions
Forensic investigation
Create a forensic investigation search to investigate captured events for file names, keywords, or end-user names.
Note
* indicates a required field. It is possible to create a forensic investigation search without specifying additional criteria, but it
will analyze every item in the dataset.
Option definitions
stop search when max results Select this box to stop the search
reached when the number set in Max
Results to Report is reached for
each appliance.
When this option is deselected,
the search continues and saves
all results in the detailed results
report.
Save & Run Select this option to run the search immediately. The search is added to
the list of searches.
Save Select this option to save the search definition and run later. The search
is added to the list of searches.
Create an email protection rule search to edit a rule's settings until you get the desired results, without affecting active data
analysis.
Option definitions
stop search when max results Select this box to stop the search
reached when the number set in Max
Results to Report is reached for
each appliance.
When this option is deselected,
the search continues and saves
all results in the detailed results
report.
Condition tab / Exceptions tab Actions ( Exceptions tab only) Adds or deletes a search
exception.
Save & Run Select this option to run immediately. The search is added to the list of
searches.
Save Select this option to save and run later. The search is added to the list of
searches.
Create a network protection rule search to edit a rule's settings until you get the desired results, without affecting active data
analysis.
Option definitions
stop search when max results Select this box to stop the search
reached when the number set in Max
Results to Report is reached for
each appliance.
When this option is deselected,
the search continues and saves
Condition tab / Exceptions tab Actions (Exceptions tab only) Adds or deletes a search
exception.
Save & Run Select this option to run immediately. The search is added to the list of
searches.
Save Select this option to save and run later. The search is added to the list of
searches.
Create a web protection rule search to edit a rule's settings until you get the desired results, without affecting active data
analysis.
Option definitions
stop search when max results Select this box to stop the search
reached when the number set in Max
Results to Report is reached for
each appliance.
When this option is deselected,
the search continues and saves
all results in the detailed results
report.
Condition tab / Exceptions tab Actions ( Exceptions tab only) Adds or deletes a search
exception.
Save & Run Select this option to run immediately. The search is added to the list of
searches.
Save Select this option to save and run later. The search is added to the list of
searches.
Search Results
View high-level information about search results.
Option definitions
Option Definition
Option Definition
Search results display area Search results Displays search results based
on the current selections. Select
the search ID link to get more
information about the search
results.
Option Definition
This page displays detailed information for the selected search result.
Note
The option definition table displays only those items with a user action.
Option definitions
Endpoint Details Click the User Logon Name link to view more detail.
Reporting product Details about the appliance that reported the incident.
Datasets
Use this page to create, edit, duplicate, or delete data sets.
Option definitions
Option definitions
Option Definition
Option Definition
DLP Discover
Discover Servers page
Use this page to detect Discover servers and to view information on servers in the network.
The Discover Servers page displays information on Discover servers in the network. You can filter the display by selecting
limiting values for one or more parameters with the filter Edit control. You can reuse unsaved filters throughout the work
session, or Save the filter for future use as either a public or private filter.
Filter definitions
Option Definition
Actions definitions
Option Definition
Detect Servers Updates the server list. You can also perform this
task with Detect Discovery Servers from McAfee
ePO: Menu → Automation → Server Tasks.
Option Definition
Set system name Sets the optional System Name of the selected
computer.
Discovery definitions
Definitions page (McAfee DLP Discover)
Use this page to create definitions for McAfee DLP Discover scan operations.
Option definitions
Option Definition
Option definitions
Option Definition
Domain name This field is required for all repository types except
Database. Leave this field blank when creating a
database credential definition.
Password
Confirm password
Scheduler page
The Scheduler stores schedules for running McAfee DLP Discover and endpoint discovery scans.
The options available depend on the Schedule type selected. Table 1 shows the options that apply to all schedule types.
Table 1
Option Description
Table 2 describes the additional options for all schedule types other than Run immediately.
Table 2
Option Description
Effective period Sets the start date for scans run once; sets start and
end dates for all other schedule types.
Run immediately and Once No options, other than setting the schedule type.
Options Runs a task that has been missed. Not available for
Run immediately.
Daily You can set a frequency for scans of 1–30 days. The
scan repeats every x days within the specified period.
Weekly You can set a frequency for scans of 1–52 weeks. You
can also select the day of the week the scan runs.
Monthly You can set either the numerical day of the month
for the scan or a specific day of the month (first
Sunday, third Tuesday). You can also skip specific
months by selecting the monthly checkboxes.
Option definitions
Option Definition
This page displays information on configured scans, such as the scan names, the number of files scanned, and the time that
scans were run. The display is user-configurable as to which parameters are displayed, and the order in which they are displayed
by selecting Actions → Choose Columns. You can filter the display by selecting limiting values for one or more parameters with
the filter Edit control. You can reuse unsaved filters throughout the work session, or Save the filter for future use as either a
public or private filter.
Click Apply Policy to apply the settings to the McAfee DLP Discover servers.
Filter definitions
Option Definition
Edit (filter) Opens the McAfee ePO Edit Filter Criteria page.
Select from the available properties list, and click
Update Filter.
Action definitions
Option Definition
Clone Scan Opens the Edit Scan page with the information of
the selected scan. Edit as required. Change the name
to save the cloned scan.
Option Definition
Synchronize Data Updates the table with the current McAfee Agent
properties.
All discovery scans are configured in a similar manner. The scan options are selected in the upper Scan Details pane. The lower
pane has multiple tabs for new scans.
We recommend creating schedule, repository, filter, and rule set definitions before configuring scans. If repositories require
credentials for access, create the necessary credentials definitions as well.
Option definitions
Option Definition
Discovery Server Select an entry from the selection window. This field
is required.
Option Definition
Files List (All scan types except Database) Select this option if you want to display Data
Inventory information. If you deselect this option,
you can view the counters on the Data Analytics
page, but cannot expand them to display the
detailed information. For large repositories, we
recommend using this option with filters to limit the
impact on the McAfee ePO database.
Tables Information (Database scans only) Checkbox to store the database table information in
Data Inventory.
Incident Handling (Remediation scans only) Use the drop-down list to set the maximum number
of incidents to report per scan. Select the checkbox
to close the scan if a threshold is exceeded. Range:
100-100,000
Report Incident per Record (Database scans only) Drop-down list to report the maximum number of
incidents per DB table. The default is Do not report
incidents. You can only edit the drop-down list
for remediation scans - inventory and classification
scans report by table.
Signatures (Registration scans only) Use the drop-down list to set the maximum
number of signatures to report per scan. Range:
100.000-100,000,000
Option Definition
Error Handling Use the drop-down list to set the maximum errors
to report per scan. Select the checkbox to close the
scan if a threshold is exceeded. Range: 100-100,000
Tab options
Tabs
History All scans that have run. Does Displays the scan history
not appear when creating a New information.
Scan definition.
Actions definitions
Option Definition
Select Classifications Appears only for Scan Type: Classification. Opens the
Choose from existing values window for selecting
Classification definitions.
Select Filters Opens the Choose from existing values window for
selecting File Information definitions.
Select Repositories Opens the Choose from existing values window for
selecting Repository definitions.
Select Rule Sets Appears only for Scan Type: Remediation. Opens
the Choose from existing values window for
selecting Rule Set definitions.
Option definitions
Option Definition
Option Definition
Option definitions
Option Definition
Host Name Displays the host name of the repository. This field is
blank if the token has not been retrieved.
Credentials
• Box website link — You can use this link to define
the Discover server application and to get the client
ID and secret.
• Client ID — Specifies the client ID.
• Client Secret — Specifies the client secret.
• Get Token — Opens a page to Box to retrieve the
token.
Option Definition
Option definitions
Option Definition
Option Definition
Option definitions
Option Definition
Option Definition
Repository definitions can contain both included and excluded repositories. You can use the Exclude section to exclude specific
directories of the SharePoint defined in the Include section, as well as excluding other shares.
Option definitions
Option Definition
Option Definition
Option definitions
Option Definition
Option definitions
Option Definition
Show selected items only When selected, limits the display to selected items.
Filters apply File Information definitions to limit the scan by properties such as file size, date, or extension.
Option definitions
Option Definition
Show selected items only When selected, limits the display to selected items.
Option definitions
Option Definition
Option Definition
Show selected items only When selected, limits the display to selected items.
Option definitions
Option Definition
Show selected items only When selected, limits the display to selected items.
Rule Set list Displays rule sets based on the current filter.
• Data
• Device Control
• Notification
• Other
• Source/Destination
• Repositories
Option definitions
Option Definition
Actions → New (for all definitions except Device Creates a definition of the type selected in the left
Templates) pane.
Option Definition
Data definitions
Option Definition
Name A generic name for the files, for example Audio files.
Option definitions
Option Definition
Filter Type Upper or lower. Most devices use the upper filter.
This page contains a list of existing device definitions. Use this page to create, edit, or delete a device definition, or view a list of
rules that use a device definition.
Option definitions
Actions → Import from CSV Fixed Hard Drive Templates Opens the Import window for
browsing and selecting files to
Actions → New Fixed Hard Drive Template Opens the configuration page
displaying properties for defining
a fixed hard drive device.
Actions → New Group Fixed Hard Drive Group Opens a configuration page for
adding fixed hard drive device
definitions to a group.
Use this page to create device serial number - end-user pair definitions. The definitions are used in removable storage and Plug
and Play device rules to define exceptions for specific devices used by specified users. Not supported on McAfee DLP Endpoint
for Mac.
Option definitions
Notification definitions
Option definitions
Option Definition
Option Definition
Locale definitions
Option Definition
Dialog Title Text box for entering a title. This field is optional.
Justification Overview Text box for defining the justification. This field is
required.
Left Button Text label for the button. Maximum label length is 10
characters. This field is required.
Middle Button Text label for the button. Maximum label length is 10
characters. This field is required, unless you hide the
button.
Right Button Text label for the button. Maximum label length is 10
characters. This field is required, unless you hide the
button.
Option Definition
Must select Justification option Checkbox to require the user to select an option with
the button. Typically, this checkbox is selected when
the label is No Action, and left unselected for other
labels.
Placeholders
You can use placeholders in the Justification Overview text box to display pre-defined text.
Display text placeholders
Placeholder Definition
Example:
The text Provide a business justification to send email with restricted %r information. displays as: Provide a business
justification to send email with restricted SSN information. when the social security rule triggers the pop-up window, but as Provide a
business justification to send email with restricted HIPAA information. when the HIPAA rule triggers the pop-up window.
Option definitions
Option Definition
Dialog Size Use the radio buttons to select the notification text
size.
Text to display Text box for defining the notification. This field is
required. Text can contain embedded placeholders
that are replaced with real values when displayed.
More Info Checkbox to link to a web page. If you check the box,
the URL text box is a required field.
Placeholders
You can use placeholders in the Text to display text box to display predefined text.
Placeholder Definition
Example:
The text This email was blocked because it contains restricted %c information. displays as: This email was blocked
because it contains restricted SSN information. when the social security classification triggers the pop-up, but as This email was
blocked because it contains restricted HIPAA information. when the HIPAA classification triggers the pop-up.
Rich Text
You can use HTML tags to produce Rich Text notifications by placing the tags in a <DIV>.
Example:
The text This email was blocked because it contains restricted information. If you need to send this
email,<div><b>Contact your manager.</b></div> displays as:
This email was blocked because it contains restricted information. If you need to send this email,
Other definitions
Scheduler page
The Scheduler stores schedules for running McAfee DLP Discover and endpoint discovery scans.
The options available depend on the Schedule type selected. Table 1 shows the options that apply to all schedule types.
Table 1
Option Description
Table 2 describes the additional options for all schedule types other than Run immediately.
Table 2
Option Description
Effective period Sets the start date for scans run once; sets start and
end dates for all other schedule types.
Table 3
Run immediately and Once No options, other than setting the schedule type.
Options Runs a task that has been missed. Not available for
Run immediately.
Daily You can set a frequency for scans of 1–30 days. The
scan repeats every x days within the specified period.
Weekly You can set a frequency for scans of 1–52 weeks. You
can also select the day of the week the scan runs.
Monthly You can set either the numerical day of the month
for the scan or a specific day of the month (first
Sunday, third Tuesday). You can also skip specific
months by selecting the monthly checkboxes.
Source/Destination definitions
This page contains a list of existing application definitions. Use this page to edit or create an application definition, or view a list
of rules that use a specific application definition.
Note
Option definitions
Option Definition
Option Definition
Option definitions
Option Definition
Analyze memory mapped files Select from the drop-down list. Default: Disable
When enabled, analyzes memory-mapped files such
as Autodesk 3ds Max graphic files. Due to processing
overhead, we do not recommend using this option
Option Definition
Available Properties
Property Definition
Executable file name The current file name; differs from original
executable if the name was changed.
Original Executable file name The original name of the executable. This property
will cover all versions of the application, whereas the
file hash is specific.
Note
Not all properties are supported on McAfee DLP Endpoint for Mac; all are supported on McAfee DLP Endpoint for Windows.
Use this page to specify details about protocols for McAfee DLP Monitor.
Option definitions
Option Definition
Available Properties
• Encapsulated — Select whether the traffic (such as
SOCKS) is encapsulated
• Port — Specify the TCP or UDP port that the traffic
is sent over. For example, SMTP typically uses port
25
• Protocol — The protocol that you want to identify,
such as SMTP or ICAP
• Transport — Specify whether the traffic is sent
over TCP or UDP, or both
• VLAN ID — Specify whether the traffic is sent over
a VLAN.
Option definitions
Option Definition
Add Users Opens the Active Directory search page for users.
Add Groups Opens the Active Directory search page for groups.
Option Definition
Local Folders Path definition, entered as UNC. Use the Include and
Exclude options for path separation.
Use this page to create or edit a Network Address (IP address) definition.
Option definitions
Option Definition
Use this page to edit or delete a network port definition, or view a list of rules that use a specific port definition. Click Actions →
New to create definitions. This page contains a list of built-in port definitions.
Option definitions
Option Definition
(Port) Description Use this field for information to identify the port.
This field is optional.
Option definitions
Option Definition
Model Text box for entering the printer model. This field is
optional.
Location Text box for entering the printer location. This field is
optional.
Option Definition
Option Definition
Network Shared Folders Shared folder in UNC format. The server name can
be either a host name or IP address. Use Include
and Exclude to create granular definitions.
Use this page to create a list of executables that can be blocked from running by rules.
Option definitions
Option Definition
Actions Click Add to add the text box entry to the list. For
entries added to the list, you can Edit or Delete.
Option definitions
Use this page to create Window Title definitions, which can be used in clipboard or screen capture protection rules.
Option definitions
Option Definition
Window Title Contains Text box for entering a window title. Partial matching
is supported.
Rule sets
DLP Rule Sets page
Use this page to display and define rule sets to assign to policies.
Definitions
Option Definition
Option Definition
Actions → New Rule Set Use this option to create a rule set.
Actions → Choose Columns Sets which columns are displayed and their order.
This control is a standard McAfee ePO control.
Use this page to assign rule sets to policies, apply policies to the McAfee ePO database, and edit policy or endpoint discovery
scan settings.
Option definitions
Option Definition
Assign a Rule Set to policies Displays a window with a drop-down list to select
a rule set, and checkboxes to select policies for the
assignment.
Select Rule Sets for policy Displays a window with a drop-down list to select
a policy, and checkboxes to select rule sets for the
assignment.
Reactions page
Use this page to define the actions and reporting for data protection, device protection, discovery, and application control rules.
Note
Data protection and device protection rules have a granular Action definition. You must define an action for each product
selected in the Enforce on field. You can also define different actions for the following:
Discovery rules only apply when the computer is connected to the corporate network.
Option definitions
Option Definition
Report Incident Select the checkbox for the rule to trigger a DLP
Incident Manager report. For data protection and
discovery rules, you can also store the original file.
These options apply to both the rule Definition and the rule Reaction.
Option definitions
Option Definition
Option Definition
Application file access protection rules block files based on the application that created them.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Clipboard protection rules block use of the clipboard to copy sensitive data.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Note: The Exceptions tab Name Enter a unique name for the
Cloud protection rules monitor or block sensitive content being uploaded to the cloud with common cloud applications. Files can
be quarantined or require justification before being uploaded.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
top level Subfolder name Use this field to limit the rule
to specific folders. The default is
any subfolder (ALL).
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Option definitions
Rule options tab Rule name Enter a unique name for the rule.
This field is required.
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Reaction → McAfee DLP Cloud Action Select an action from the drop-
down list. The default is No
Action.
Note: You can set the
action separately for McAfee
Cloud DLP configured as Note: Selecting No Action
inline protection (able to with Report Incident is
block) and McAfee Cloud sometimes referred to as
DLP configured as passive Monitor.
protection ( only monitoring
and no blocking).
Report Incident Select the checkbox for the rule
to trigger a DLP incident.
Network communication protection rules monitor or block incoming or outgoing data on your network. Rules are not supported
in clients installed on Windows server operating systems.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Condition tab / Exceptions tab Classification Use the is any data (ALL) option
to bypass applying a content
classification, or use the is one of
Note: Network
(OR) or is all of (AND) options to
communication protection
rules do not check select predefined classifications.
content classification criteria. You can use the + icon to
Use content fingerprinting add multiple classifications, and
criteria when defining define their relationship with the
classifications used with and/or option.
Network communication
protection rules.
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Network share protection rules protect files in specified shared folders. Files can be encrypted, or require a business justification
for access.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Printer protection rules block files from being printed on local, network, or image printers. You can limit the rule to specific
applications.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Removable storage protection rules block data from being written to removable storage devices, including mobile devices using
the Media Transfer Protocol (MTP).
To protect devices using MTP, verify that the Removable Storage Protection → Portable Devices Handler is activated in the
Policy Catalog client configuration on the Operational Mode and Modules page.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Screen capture protection rules control data copied and pasted from a screen.
To use screen capture protection rules, verify that the Screen Capture Service in the Policy Catalog client configuration on the
Operational Mode and Modules page is activated. (The service is activated by default.) Specify the screen capture applications
supported on the Screen Capture Protection page.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Web protection rules block data from being posted to websites, including web-based email sites.
Supported browsers are Microsoft Internet Explorer, Google Chrome, Microsoft Edge (Chromium -based), and Mozilla Firefox .
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
This tab contains a list of all data protection rules. You can create, edit, enable/disable, or delete rules from this page.
Option definitions
• Clipboard Protection
• Cloud Protection
• Email Protection
• Network Communication
Protection
• Network Share Protection
• Printer Protection
• Removable Storage Protection
• Screen Capture Protection
• Web Protection
Option definitions Name Text box for editing the rule set
name.
This page contains a list of all rules for controlling devices. You can create, edit, enable/disable, or delete rules from this page.
Option definitions
Use this page to define a Removable Storage Device Rule. Removable storage devices can be blocked, monitored, or set to
read-only.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Serial Number & User Pairs Select a serial number and user
(Windows only) pair definition to exclude from
the rule.
Use this page to define a device rule to protect devices mapped to shared Citrix Xenapp desktop sessions. Citrix device rules can
block, monitor, or set devices to read-only.
Option definitions
is optional.
State Select Enabled or Disabled from
Whitelisted Users is the only the drop-down list. The exception
option for Citrix device rules. state is independent from the
rule state.
Use this page to create a fixed hard drive protection rule. Fixed hard drive rules do not protect the boot or system partition. They
can block, monitor, or set the drive to read-only.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Use this page to create a plug-and-play device rule definition. Plug-and-play rules can block or monitor devices.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Serial Number & User Pairs Select a serial number and user
(Windows only) pair definition to exclude from
the rule.
Use this page to define a removable storage file access device rule.
Removable storage file access device rules are used to block executables on plug-in devices from running. Because some
executables, such as encryption applications on encrypted devices, must be allowed to run, the rule allows you to exclude one
application.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Use this page to create a TrueCrypt Device Rule definition. Plug and play rules can block or monitor TrueCrypt virtual encryption
devices, or set them to read-only.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Discovery page
Depending on the installed licences, this page contains a list of all McAfee DLP Endpoint Discovery or McAfee DLP Discover rule
sets, or both. You can create, edit, enable or disable, or delete rule sets from this page.
Option definitions
Use this page to configure a Local File System endpoint discovery rule.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
• is one of (OR)
• is all of (AND)
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Use this page to configure a Local Email (OST, PST) discovery rule.
Option definitions
• is one of (OR)
• is all of (AND)
You can use the + icon to add
multiple classifications, or select
multiple classifications with the
AND option.
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Rule options Rule name Enter a unique name for the rule.
This field is required.
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Rule options Rule name Enter a unique name for the rule.
This field is required.
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Rule options Rule name Enter a unique name for the rule.
This field is required.
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Option definitions
Option definitions
Rule options Rule name Enter a unique name for the rule.
This field is required.
Note: The Exceptions tab Name Enter a unique name for the
is optional. exception. This field is required.
Use this page to assign rule sets to policies, apply policies to the McAfee ePO database, and edit policy or endpoint discovery
scan settings.
Option definitions
Option Definition
Assign a Rule Set to policies Displays a window with a drop-down list to select
a rule set, and checkboxes to select policies for the
assignment.
Option Definition
Select Rule Sets for policy Displays a window with a drop-down list to select
a policy, and checkboxes to select rule sets for the
assignment.
Use this page to configure the DLP Incident Manager Analytics page.
Option Definition
Note
Option Definition
Option Definition
Option Definition
Option Definition
This page provides administrators with a list of events triggered by policy rules. The list can be filtered for easier viewing.
The Incident List displays only policy violations. Administrative events such as agent updates are displayed in a separate console,
DLP Operational Events.
Option Definition
Note
Scan (McAfee DLP Discover only) Opens the Select scan and run
page to specify the scan and scan
instance to display results for.
This page displays detailed information for the selected incident. Some information is for display only, other information can be
modified.
Note
The option definition table displays only those items that can be changed by the user.
Option definitions
Endpoint Details User Principal Name Click the link to view more detail.
Additional Information Access Control List Click the link to view which Active
Directory users and groups have
access to files.
Rules
Classifications
Stakeholders
Audit Log
Comments
Cases
This page allows an administrator to set up specific tasks according to defined criteria. Tasks are run by the McAfee ePO
Automation → Server Tasks feature. The Incident Tasks page and the Operational Event Tasks pages work in a similar manner,
with slightly different settings.
Data types
A drop-down list to select data type appears at the top of the page.
Note
The list allows creating tasks that operate on either the incident list/operational events list or the history. The Operational Event
Tasks page has only these two options.
The Incident Tasks page has multiple options, depending on the installed licenses.
Incident task types by license
Option definitions
Option Definition
Data type drop-down list Selects the data type. Tasks are created only for the
selected type.
Set Reviewer Displays reviewer tasks for the selected data type.
Automatic mail Notification Displays email notification tasks for the selected data
type.
Purge events Displays purge tasks for the selected data type.
Task list area Displays tasks based on the current selections. The
available columns vary depending on the data and
task type.
The Set Reviewer task is used to assign reviewers for role-based access to DLP incidents and operational events. Assignments can
be by reviewer group or individual reviewer.
Rule Properties
Option Definition
Option Definition
Rule Criteria
This page defines the criteria that trigger the email notification. The Available Properties list includes McAfee DLP properties and
McAfee ePO properties. You can select any combination of properties from the list.
Option Definition
The mail notification task sends email notification of policy violations to users, managers, or others based on defined criteria.
Rule Properties
Option Definition
Option Definition
Insert variable Variables such as the policy name or the time the
event occurred can be inserted into the email subject
or body by selecting a variable from the drop-down
list and clicking insert.
Option Definition
Email Size Limitation Drop-down list for selecting maximum email size.
Rule criteria
This page defines the criteria that trigger the email notification. The Available Properties list includes McAfee DLP properties and
McAfee ePO properties. You can select any combination of properties from the list.
Rule criteria option definitions
Option Definition
Option Definition
Option Definition
From Enter the email address that the email is sent from.
Evidence Files Attaches the evidence files. The format of the files
depends on the options selected.
Email Size Limitation Specifies the maximum size of the email and
attachments.
The purge task is used to delete incidents from the events table in the DLP Incident Manager or DLP Operational Events based
on defined criteria. Events purged from the incident or operational events list can be viewed on the history page. You can also
create purge tasks for the history page. When you purge incident history, you also purge the evidence files associated with the
incidents. Events purged from the history are lost forever.
Rule Properties
Option Definition
Rule Criteria
This page defines the criteria that trigger the email notification. The Available Properties list includes McAfee DLP properties and
McAfee ePO properties. You can select any combination of properties from the list.
Option Definition
This page describes the DLP Incident Manager history page. Items purged from the Incident Event List page continue to be
displayed on the history page.
Option definitions
Menu bar Present (Incident History page Drop-down list to display either
only) Data-in-use/motion, Data-at-rest
(Endpoint) (McAfee DLP Endpoint
Scan (McAfee DLP Discover Opens the Select scan and run
incidents only) page to specify the scan and scan
instance to display results for.
DLP Operations
Operational Event List page
Operational events provides administrators with a list of administrative events such as policy changes or deployments. Events
from McAfee DLP Endpoint and McAfee DLP Discover are listed, if both products are installed. The list can be filtered for easier
viewing.
The DLP Operations console displays all administrative events connected with McAfee DLP Endpoint operation, such as policy
changes, files being quarantined, or users logging on to Safe Mode. Events triggered by policy violations are displayed in a
separate console, DLP Incident Manager.
Actions definitions
Option definitions
Option Definition
Operational Events (drop-down menu) Sets the display to operational events or operational
events history.
Option Definition
Actions → New Rule Creates a rule according to the task type selected.
This page provides administrators with a list of operational events. Items purged from the Operational Event List page continue
to be displayed on the history page.
Option definitions
Option definitions
User information display area User information list Displays user information based
on the current view and filter
selections.
Option definitions
Option Definition
Option Definition
Actions → Add Comment Opens a text box for adding comments. Maximum
comment length is 500 characters.
Use this page to view and manage cases. You can filter the list for easier viewing.
Option definitions
Option Definition
Use this page to view and modify case details and to view incident details assigned to a case.
Option definitions
Move window
Option definitions
Option Definition
Option definitions
Option Definition
Option definitions
Option Definition
Managing data
DLP predefined dashboards
The following table describes the predefined McAfee DLP dashboards.
DLP: Incident Summary Number of Incidents per day These charts show total
incidents, and give different
DLP: Operations Summary (All Number of Operational events Displays all administrative events.
products) per day
DLP: Policy Summary (All Policy distribution Displays the DLP policy
products) distribution by version
throughout the enterprise. Used
to monitor progress when
deploying a new policy.
DLP: Policy Summary (These Enforced Rule Sets per endpoint Displays a bar chart showing the
options are applicable to McAfee computers rule set name and the number of
DLP Endpoint) policies enforced.
DLP: Endpoint Discovery DLP Discovery (Endpoint): Local Displays a pie chart showing the
Summary (These options are File System Scan Latest Status run status of all local file system
applicable to McAfee DLP scans.
Endpoint)
To use the Data Inventory - Raw Data page, begin by selecting a Scan from the drop-down list. You can filter the display by
selecting limiting values for one or more parameters with the filter Edit control. You can reuse unsaved filters throughout the
work session, or Save the filter for future use as either a public or private filter.
Option definitions
Option Definition
Actions → Choose columns This standard McAfee ePO option allows you to
customize the display. The columns chosen affect all
three displays (Dashboard, Grid, Raw Data) for the
selected scan.
Filter Options
Option Definition
To use the Data Inventory - Grid page, begin by selecting a Scan Name from the drop-down list.
The display is user-configurable as to which parameters are displayed, and the order in which they are displayed by selecting
Actions → Choose Columns in the Raw Data view.
Example: Setting the Analytic Type to Files and selecting the File Size category displays the number of files in each size category
— small, medium, large, and extra large. Click the number to move to the Raw Data display for a complete list of the files. Add a
second category, for example File Extension. Click Expand Table to view the breakdown by subcategories. Add a third category,
or change the second category for a different breakdown.
Option definitions
Option Definition
Scan Name Selects the scan to be displayed. You can review data
from only one scan at a time.
Option Definition
Expand / Collapse Table Changes the display to view more or less data.
Select a category Selects the category for the data breakdown. For
example, File Size displays the number of files per
small (<100 KB), medium (100 KB–1 MB), large (1–5
MB), and extra large (>5 MB) categories.
To use the Data Inventory - Dashboard page, begin by selecting a Scan Name from the drop-down list to analyze a specific scan.
Select an Analytic Type. The analytic type determines the available categories.
The display is user-configurable as to which parameters are displayed, and the order in which they are displayed by selecting
Actions → Choose Columns in the Raw Data view.
Option definitions
Option Definition
Option Definition
System health
Appliance Management page
The following options are available from the Appliance Management → System Health pane.
Option Definition
The center area of the user interface contains the system health cards.
Each managed appliance has its own system health card, providing statistics and information about resources and load. Each
health card includes some standard information, and some information specific to the type of appliance being reported.
Note
If you select a group of appliances in the tree view, each appliance in that group has a health card displayed in the System
Health pane. If you select one appliance in the tree view, only the health card for that appliance is displayed.
Option definitions
Option Definition
Date and Time Options for setting the date and time for your
appliances:
Option Definition
SSH Define the Secure Shell (SSH) access settings for your
appliances.
Select your required option from the drop-down list:
Option Definition
Note
To edit an entry in any of the tables on this page, first select the entry, then click the edit pencil icon.
Option Definition
Enable SNMP alerts Enabling SNMP alerts allows your appliances to issue
SNMP alerts that are sent to your specified SNMP
trap destination.
Trap destination Enter the host name or IP address for the SNMP trap
manager to which your alerts are sent.
McAfee DLP Prevent and McAfee DLP Monitor do not
support IPv6.
Community name Enter the community name that your appliances and
SNMP managers use to identify the SNMP group.
Use the add and delete icons to add or remove SNMP trap destinations from the list. Use the up and down
icons to arrange the destinations in your preferred order.
Option Definition
Option Definition
Allow SNMP monitor for all hosts Select either Allow SNMP monitor for all hosts, or
Allow SNMP monitor for these hosts only.
Option definitions
Option Definition
Note
In a cluster environment, the tree view displays a cluster master and two or more cluster scanners.
The primary statistics are displayed beneath the appliance name. These statistics are the two items of information that are
considered the most important for the appliance type.
To the right of the primary statistics are the other health statistics (area 4) for the appliance. These statistics vary, depending on
the type of appliance to which they relate.
Pane Information
System Health
• Evidence Queue — The number of files waiting to
be copied to evidence storage. The queue size is
real time.
• Emails — The number of messages that were
delivered, were permanently or temporarily
rejected, or could not be analyzed. The counters
show data from the previous 60 seconds.
• Web Requests — The number of received web
requests, and the number of web requests that
could not be analyzed. The counters show data
from the previous 60 seconds.
• CPU usage — The total CPU usage.
• Memory — The memory swap rate.
• Disk — The percentage of disk usage.
• Network — The network interfaces on the
appliance, showing information about received and
transmitted data. The counters show data from the
previous 60 seconds.
• Capture — (Optional) The following statistics are
shown when the DLP Capture feature is enabled on
the appliance.
Pane Information
Note
In a cluster environment, the tree view displays a cluster packet acquisition device, a cluster master, and two or more cluster
scanners.
The primary statistics are displayed beneath the appliance name. These statistics are the two items of information that are
considered the most important for the appliance type.
To the right of the primary statistics are the other health statistics (area 4) for the appliance. These statistics vary, depending on
the type of appliance to which they relate.
Pane Information
System Health
• CPU usage — The total CPU usage.
• Memory — The memory swap rate, and memory
usage and swap usage details.
• Disk — The percentage of disk usage.
• Network — The network interfaces on the
appliance, showing information about received and
transmitted data. The following capture port 1
details are displayed for a standalone appliance
and cluster packet acquisition device:
Pane Information
Pane Information
Error messages
If the appliance is not configured correctly, it tries to identify the problem and sends a temporary or permanent failure message.
The text in parentheses in the error message provides additional information about the problem.
Some error messages relay the response from the Smart Host so the McAfee DLP Prevent response contains the IP address,
which is indicated by x.x.x.x.
For example, 442 192.168.0.1 : Connection refused indicates that the Smart Host with the address 192.168.0.1 did not accept the
SMTP connection.
451 (The system has not been The initial setup was not Register the appliance with a
registered with an ePO server) completed. McAfee ePO server using the
Graphical Configuration Wizard
option in the appliance console.
451 (No DNS servers have been The configuration applied from Configure at least one DNS server
configured) McAfee ePO did not specify any in the General category of the
DNS servers. Common Appliance policy.
451 (No Smart Host has been The configuration applied from Configure a Smart Host in
configured) McAfee ePO did not specify a the McAfee DLP Prevent Email
Smart Host. Settings policy category.
451 (Policy OPG file not found in The policy configuration applied
• Confirm that the Data
configured location) from McAfee ePO was Loss Prevention extension is
incomplete. installed.
• Configure a Data Loss
Prevention policy.
• Contact technical support. The
configuration OPG file must be
applied with the policy OPG file.
451 (LDAP server configuration This error occurs when both Check that the LDAP server is
missing) these conditions are met: selected in the Users and Groups
policy category.
• McAfee DLP Prevent contains
a rule that specifies a sender
as a member of an LDAP user
group.
• McAfee DLP Prevent is not
configured to receive group
information from the LDAP
server that contains that user
group.
451 (Error resolving sender based A policy contains LDAP sender Check that the LDAP server is
policy) conditions, but can't get the available.
information from the LDAP
server because:
451 (FIPS test failed) The cryptographic self-tests Contact technical support.
required for FIPS compliance
failed
451 (Unable to verify data against The registered documents server Check your configuration to
the registered document server) is unavailable. confirm that the server is
442 x.x.x.x: Connection refused McAfee DLP Prevent could not Check that the Smart Host can
connect to the Smart Host receive email.
to send the message, or the
connection to Smart Host was
dropped during a conversation.
451 (The system has not been The initial setup was not Register the appliance with a
registered with an ePO server) completed. McAfee ePO server using the
Graphical Configuration Wizard
option in the appliance console.
451 (No DNS servers have been The configuration applied from Configure at least one DNS server
configured) McAfee ePO did not specify any in the General category of the
DNS servers. Common Appliance policy.
451 (Policy OPG file not found in The policy configuration applied
• Ensure that the Data Loss
configured location) from McAfee ePO was Prevention extension is
incomplete. installed.
• Configure a Data Loss
Prevention policy.
• Contact technical support. The
configuration OPG file must be
applied with the policy OPG file.
451 (FIPS test failed) The cryptographic self-tests Contact technical support.
required for FIPS compliance
failed
451 (Unable to verify data against The registered documents server Check your configuration to
the registered document server) is unavailable. confirm that the server is
available, and the details you
entered are correct.
530 Authentication required MTA doesn't send AUTH Configure MTA to send AUTH
credentials. LOGIN credentials.
530 Authentication required - The Smart Host doesn't present Configure the Smart Host to send
AUTH conversation is required AUTH as part of its response AUTH LOGIN credentials.
for onward delivery to the McAfee DLP Prevent
appliance's EHLO request.
504 Error: Supported The Smart Host doesn't support The Smart Host must support
authentication mechanism the LOGIN mechanism for the LOGIN mechanism for
unavailable for onward delivery authentication. authentication.
550 Host / domain is not McAfee DLP Prevent refused the Check that the MTA is in the list
permitted connection from the source MTA. of permitted hosts in the McAfee
DLP Prevent Email Settings
policy category.
550 x.x.x.x: Denied by policy. TLS The Smart Host did not accept a Check the TLS configuration on
conversation required STARTTLS command but McAfee the host.
DLP Prevent is configured to
500 (Unable to verify data against The registered documents server Check your configuration to
the registered document server) is unavailable. confirm that the server is
available, and the details you
entered are correct.
500 (LDAP server configuration This error occurs when both Check that the LDAP server is
missing) these conditions are met: selected in the Users and Groups
policy category.
• McAfee DLP Prevent contains a
rule that specifies an end-user
as a member of an LDAP user
group.
• McAfee DLP Prevent is not
configured to receive group
information from the LDAP
server that contains that user
group.
500 (Error resolving end-user A policy contains LDAP sender Check that the LDAP server is
based policy) conditions, but can't get the available.
information from the LDAP
server because:
Trellix, FireEye and Skyhigh Security are the trademarks or registered trademarks of Musarubra US LLC, FireEye Security Holdings US LLC and
their affiliates in the US and /or other countries. McAfee is the trademark or registered trademark of McAfee LLC or its subsidiaries in the US
and /or other countries. Other names and brands are the property of these companies or may be claimed as the property of others.