McAfee DTP-165C-DPVG Installation Guide - Page 72

Set an Agent Override password, Set the manual tagging option, Document Scan Scope



The most significant reason for maintaining earlier versions of the endpoint product is the need for staged updates. A group of clients might be updated to the new version, but support for older clients still in use might still be needed.

The need for digital rights management, which controls use of digital content not authorized by the content provider, might be an additional consideration. This feature of McAfee DLP Endpoint (also known as McAfee Host DLP) is not supported in McAfee DLP Manager, so network and endpoint applications might have to be run separately.

But if McAfee DLP Endpoint 9.1 is installed and digital rights management is not needed, No compatibility should be selected. This means that the new features in that release will be available in the network product suite. Features like Document Scan Scope and Password Protected Files will appear in the user interface only if the 9.1 version of the McAfee Agent client is accessible through McAfee DLP Manager.

Set an Agent Override password

An Agent Override password must be defined before doing any McAfee DLP Endpoint task to ensure encryption and decryption of evidence, and the possibility of reversing any default reactions.

A key must be used to unblock quarantined files, unlock and decrypt encrypted files, request justification for blocked actions, or work around any other events that have been generated by McAfee Agent. The administrator provides this password when appropriate.

For example, a unified rule might protect a certain group of financial files on certain network shares and all endpoints. But because certain endpoint users will need read and write access to those files, it might include a selected Request Justification checkbox in the Data-in-Use action rule that is applied to that rule. As a result, when an authorized user opens the blocked file, he might be presented with a Request Justification pop-up that will allow the administrator to make an exception to the rule by providing the password. (The specific process and action are determined by the administrator.)

Task

1 In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Sys Config | Endpoint Configuration | Miscellaneous and click Agent Override Password.

2 On your Linux-based appliance, select System | Endpoint Configuration | Miscellaneous and click Agent Override Password.

3 Enter a password in the Password field and confirm it.
McAfee DLP Endpoint 9.2 requires strong passwords: 8 or more upper and lower case characters, plus a number and a symbol.

4 Click Submit.

Set the manual tagging option

If you have administrative privileges, you can apply tag labels to allow trusted users to classify specific documents. If the Allow Manual Tagging checkbox is selected during that process, the tag is visible to your trusted users, who can use it to classify specific documents by applying the appropriate tag.

Before you begin

McAfee DLP Endpoint and its components must be set up on McAfee DLP Manager.

After they are created, manual tags are pushed to users at endpoints by the McAfee Agent client.

The ability to classify documents with tags encourages users to take independent action to protect files within their areas of responsibility. For example, users at medical facilities might be trusted to apply HIPAA tags to patient records that must be kept confidential by law.

7 Integrating McAfee DLP Endpoint into a unified policy system
Configuring McAfee DLP Endpoint on McAfee DLP Manager
72 McAfee Data Loss Prevention 9.2.0 Installation Guide