McAfee DTP-1650-MGRA Installation Guide - Page 73

Generate a global policy for McAfee DLP Endpoint
When you manage endpoints from McAfee DLP Manager, you must generate a policy, set a posting
interval, and select a compatibility mode. These settings support the distribution of McAfee DLP
Endpoint events to McAfee DLP Manager dashboards through ePolicy Orchestrator.

Rule definitions for McAfee DLP Endpoint were originally designed to share a single global policy
definition - only one policy supported multiple rules. But McAfee DLP Manager is designed around a
collection of unified international policies, and the McAfee DLP Endpoint global policy is accommodated
within that system.

If McAfee Host DLP is already installed on ePolicy Orchestrator, using the McAfee DLP Endpoint
networked version will overwrite the events on the evidence server. Because of this potential problem,
you must deliberately generate a policy to support installation of the updated endpoint product.

You must also set an interval for posting policy modifications through ePolicy Orchestrator. By default,
rule definitions are updated on the McAfee DLP Endpoint extension every 30 seconds, but you can
define a more conservative transfer interval (up to two hours, or 7200 seconds) by editing the
Time Duration for Posting Policy Definition setting.

Task

1. Open the Manage Endpoints page in one of two ways:
   • In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Sys Config | Endpoint Configuration | Miscellaneous and click Manage Endpoints.
2. Select the Generate Policy for Endpoint checkbox.
3. In the Time Duration for Posting Policy Definition field, enter a number between 30 and 7200 seconds.
   The policy is generated, posted from McAfee DLP Manager to ePolicy Orchestrator, saved in the
   database, forwarded to the connected agents, and updated at the defined interval.
4. Click Submit.

Maintaining compatibility with installed McAfee clients
Because McAfee DLP Manager supports multiple versions of McAfee DLP Endpoint client, the system
must be configured to handle the correct McAfee DLP agent before the system is implemented.

Management of endpoints by McAfee DLP Manager is disabled by default to avoid interference with any
existing McAfee DLP Host (v9.0 and 9.1) or McAfee DLP Endpoint (v9.2) operations that might already
be running on ePolicy Orchestrator.

Because any existing software installations must continue to be supported, the default unified policy
configuration is not activated until you generate a policy to provide the groundwork for connection
with the McAfee Agent client through ePolicy Orchestrator. Endpoints cannot be managed until a policy
is assigned, and events cannot be monitored until the McAfee Agent client has been updated.

The default configuration is DLP Agent 9.0 and above. If the McAfee Host DLP product installed on
McAfee ePolicy Orchestrator was released before version 9.1, no change is needed on the
Manage Endpoints page.

The unified policy management process is initiated by selecting the Generate Policy for Endpoint
checkbox on the system Manage Endpoints page.

The most significant reason for maintaining earlier versions of the endpoint product is the need for
staged updates. A group of clients might be updated to the new version, but support for older clients
still in use might still be needed.

The need for digital rights management, which controls use of digital content not authorized by the
content provider, might be an additional consideration. This feature of McAfee DLP Endpoint (also
known as McAfee Host DLP) is not supported in McAfee DLP Manager, so network and endpoint
applications might have to be run separately.

Integrating McAfee DLP Endpoint into a unified policy system
Configuring McAfee DLP Endpoint on McAfee DLP Manager
6
McAfee Data Loss Prevention 9.2.1 Installation Guide, page 73