McAfee Device Control protects your data from falling into the wrong hands via removable storage devices and media, such as USB drives, MP3 players, CDs, and DVDs. It enables you to specify and categorize which devices may or may not be used and enforce what data can and cannot be transferred to these devices — in the office, at home, or on the move. Device Control provides content- and context-aware, device-blocking capabilities such as:
Comprehensive device and data management — Control how users copy data to USB drives, iPods, recordable CDs and DVDs, Bluetooth and infrared devices, imaging equipment, COM and LPT ports, and more.
Granular controls — Specify which devices can and can’t be used, define what data can and can’t be copied onto allowed devices, and restrict users from copying data from specific locations and applications.
Centralized management — Centrally define, deploy, manage, and update security policies and agents throughout your enterprise. Set device and data policies by user, group, or department.
Advanced reporting and auditing capabilities — Support compliance with detailed user- and device-level logging. Gather details such as device, time stamp, and data evidence for prompt and proper audits.
In an Active Directory domain, you can leverage user based policies with Device Control. In Workgroup mode, only local user or machine-based policies are possible. During the installation of this McAfee endpoint suite, the Device Control client and associated management files were checked into your ePO server. A deployment task was automatically created for you as well. Note that after deployment of Device Control, a reboot is required.
The installer automatically checks McAfee Device Control into the ePolicy Orchestrator software repository; however, additional steps need to be taken to properly configure Device Control for use. The following steps take you through the installation of the McAfee DLP Management Tools.
Entering the License Key for Device Control
A license key for Device Control was provided as part of the download. The key is located in a file called McAfeeDC93LicenseKey.txt in the \PostInstall directory where you unzipped the installer. The following steps detail the processes for entering the license key.
Evidence and Whitelist Folders
Two folders must be created and shared, and their properties and security settings must be configured appropriately. The folders do not need to be on the same computer as ePolicy Orchestrator, but it is usually convenient to put them there. Create the following directory structure on the ePolicy Orchestrator server:
Configure the Share Names and Permissions
Configuration of the folders on Windows 2008 Server for Device Control requires specific security settings.
NOTE: The Deployment task for your Workstations and Laptops groups already included Device Control, but it was deployed without a policy. You will need to create a policy in order to control permitted actions regarding removable devices such as USB drives, iPods, cameras, and other devices.