There may be a requirement to apply a DLP Device Protection policy to endpoint machines, such as USB complete allow, USB complete block, or USB read only, for a limited period: one day, one week, or one month. Currently there is no option in DLP or McAfee Agent to create a time-based DLP policy.

However, the same result can be achieved using system tags and a server task in ePO. Follow the steps below:

  1. Create a tag with no criteria and apply it to the machines.

  2. Create a Policy Assignment Rule stating that machines with the newly created tag should have the required DLP policy applied.

  3. Create a query to identify the machines that have the tag applied.

  4. Create a server task to clear the tag from the machines at a specified time.

 

Example: Allow USB on machines for one week.

Step 1: Create a tag with no criteria and apply it to the machines.

  • Created a new tag with no criteria selected, named “USB Allow – 1 week”.

  • Applied the tag to 5 machines in the system tree.

Step 2: Create a Policy Assignment Rule stating that machines with the newly created tag should have the required DLP policy applied.

  • Select Policy Assignment Rules from the ePO menu.

  • Name the Policy Assignment Rule “USB Allow – 1 Week”.

  • Select the required policy in the rule: “McAfee Everything Allow”.

  • Set the criteria to machines with the tag “USB Allow – 1 week”.

  • This rule will allow USB access on all machines that have the tag applied.

NOTE: A policy assigned through Policy Assignment Rules takes priority over a policy applied at the system tree node level.

  • Multiple rules can be created in Policy Assignment Rules, each with its own priority.

Step 3: Create a query to identify the machines that have the tag applied.

  • Create a query in Queries & Reports.

Note: The chart type should be Table; if any other type is selected, the query cannot be used in a server task.

  • In Filter, again set the criteria to machines with the tag “USB Allow – 1 Week”.

  • Once you execute the query, you will see the machines that have the tag applied. In the example, 5 machines will be shown in the output.

Step 4: Create a server task to clear the tag from the machines at a specified time.

  • Create a new server task.

  • Name the server task “Clear Tag : Weekly”.

  • In the actions, select Run Query as the first action and the clear tag option as the sub-action.

  • The purpose of this server task: machines with the tag get the required DLP policy, and that policy should be disabled again after 1 week. This server task removes the tag automatically after 1 week.

The above steps can be modified as required by changing the tag name, query name, and server task name. For example, three different tags can be created for 1 day, 1 week, and 1 month, with a matching server task for each: Clear tag : 1 day (deleting the tag daily), Clear tag : 1 week (deleting the tag weekly), and Clear tag : 1 month (deleting the tag monthly).
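Because the clear-tag server task runs on a fixed schedule and clears every machine the query returns, the length of the exception depends on when the tag was applied relative to the next run. The sketch below is an added example, not part of the original post; the Sunday 23:00 schedule, the machine names and the tagging times are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumptions (not stated in the post): the "Clear Tag : Weekly" server task
# runs every Sunday at 23:00 ePO server time, and the intended grant is 7 days.
CLEAR_WEEKDAY = 6            # datetime.weekday(): Monday=0 ... Sunday=6
CLEAR_HOUR = 23
INTENDED = timedelta(days=7)


def next_clear_run(tagged_at):
    """First scheduled run of the clear-tag task strictly after tagged_at."""
    run = tagged_at.replace(hour=CLEAR_HOUR, minute=0, second=0, microsecond=0)
    run += timedelta(days=(CLEAR_WEEKDAY - tagged_at.weekday()) % 7)
    if run <= tagged_at:     # tagged on the run day, after the task already ran
        run += timedelta(days=7)
    return run


def effective_windows(tag_events):
    """Per machine: (time the tag is cleared, actual window, shortfall vs. INTENDED)."""
    report = {}
    for host, tagged_at in tag_events.items():
        cleared_at = next_clear_run(tagged_at)
        actual = cleared_at - tagged_at
        report[host] = (cleared_at, actual, INTENDED - actual)
    return report


# Constructed sample: hypothetical machine names and tagging times.
SAMPLE = {
    "WKS-001": datetime(2024, 3, 4, 9, 0),     # Monday morning
    "WKS-002": datetime(2024, 3, 8, 16, 30),   # Friday afternoon
    "WKS-003": datetime(2024, 3, 10, 23, 30),  # Sunday, just after the run
}

if __name__ == "__main__":
    for host, (cleared_at, actual, shortfall) in effective_windows(SAMPLE).items():
        print(f"{host}: tag cleared {cleared_at:%a %Y-%m-%d %H:%M}, "
              f"USB allowed for {actual}, {shortfall} short of one week")
```

A machine tagged shortly before the scheduled run keeps the exception for far less than the intended week, so the tagging time and the task schedule need to be planned together.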


