McAfee DTP-165C-DPVG Installation Guide - Page 71



When these operations are complete, you can define unified rules on the Policies page, then view the Incidents | Data-in-Use dashboard to verify that the endpoint events are being generated and reported. Click the Columns icon, then add or remove columns to display exactly the information that is needed.

Generate a global policy for McAfee DLP Endpoint

When you manage endpoints from McAfee DLP Manager, you must generate a policy, set a posting interval, and select a compatibility mode. These settings support the distribution of McAfee DLP Endpoint events to McAfee DLP Manager dashboards through ePolicy Orchestrator.

Rule definitions for McAfee DLP Endpoint were originally designed to share a single global policy definition: one policy supported multiple rules. McAfee DLP Manager, by contrast, is designed around a collection of unified international policies, and the McAfee DLP Endpoint global policy is accommodated within that system.

If McAfee Host DLP is already installed on ePolicy Orchestrator, using the networked McAfee DLP Endpoint version will overwrite the events on the evidence server. Because of this, endpoint management is not switched on automatically: you must deliberately generate a policy to support installation of the updated endpoint product.

You must also set an interval for posting policy modifications through ePolicy Orchestrator. By default, rule definitions are updated on the McAfee DLP Endpoint extension every 30 seconds, but you can define a more conservative transfer interval (up to two hours, or 7200 seconds) by editing the Time Duration for Posting Policy Definition setting. The interval you choose bounds how long a rule change can take to reach the extension: a longer interval reduces traffic through ePolicy Orchestrator at the cost of slower policy propagation.

Task

1 In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Sys Config | Endpoint Configuration | Miscellaneous and click Manage Endpoints.

2 On your Linux-based appliance, select System | Endpoint Configuration | Miscellaneous and click Manage Endpoints.

3 Select the Generate Policy for Endpoint checkbox.

4 In the Time Duration for Posting Policy Definition field, enter a number between 30 and 7200 seconds.
The policy is generated, posted from McAfee DLP Manager to ePolicy Orchestrator, saved in the database, forwarded to the connected agents, and updated at the defined interval.

5 Click Submit.

Maintaining compatibility with installed McAfee clients

Because McAfee DLP Manager supports multiple versions of the McAfee DLP Endpoint client, the system must be configured to handle the correct McAfee DLP agent before the system is implemented. Management of endpoints by McAfee DLP Manager is disabled by default to avoid interference with any existing McAfee Host DLP (v9.0 and 9.1) or McAfee DLP Endpoint (v9.2) operations that might already be running on ePolicy Orchestrator.

Because any existing software installations must continue to be supported, the default unified policy configuration is not activated until you generate a policy to provide the groundwork for connection with the McAfee Agent client through ePolicy Orchestrator. Endpoints cannot be managed until a policy is assigned, and events cannot be monitored until the McAfee Agent client has been updated.

The default configuration is DLP Agent 9.0 and above. If the McAfee Host DLP product installed on McAfee ePolicy Orchestrator was released before version 9.1, no change is needed on the Manage Endpoints page.

The unified policy management process is initiated by selecting the Generate Policy for Endpoint checkbox on the system Manage Endpoints page.
7 Integrating McAfee DLP Endpoint into a unified policy system | Configuring McAfee DLP Endpoint on McAfee DLP Manager
McAfee Data Loss Prevention 9.2.0 Installation Guide, page 71