Revision A. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

Similar documents
Data Loss Prevention Discover 11.0

McAfee MVISION Endpoint 1811 Installation Guide

McAfee MVISION Endpoint 1808 Installation Guide

McAfee Client Proxy Installation Guide

McAfee Client Proxy Product Guide

McAfee File and Removable Media Protection Installation Guide

Data Loss Prevention Endpoint

Installation Guide. McAfee Endpoint Security for Servers 5.0.0

Product Guide Revision A. McAfee Client Proxy 2.3.2

McAfee Application Control Windows Installation Guide. (McAfee epolicy Orchestrator)

McAfee Data Loss Prevention Endpoint 9.4.0

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator)

Installation Guide. McAfee Web Gateway Cloud Service

McAfee Endpoint Security Migration Guide. (McAfee epolicy Orchestrator)

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator)

McAfee Content Security Reporter Installation Guide. (McAfee epolicy Orchestrator)

McAfee Data Loss Prevention Endpoint 10.0

McAfee Content Security Reporter 2.6.x Installation Guide

Reference Guide Revision B. McAfee Cloud Workload Security 5.0.0

McAfee Data Loss Prevention Endpoint

McAfee Endpoint Security Threat Prevention Installation Guide - macos

McAfee Data Protection for Cloud 1.0.1

Product Guide. McAfee Endpoint Upgrade Assistant 1.5.0

McAfee File and Removable Media Protection 6.0.0

McAfee Endpoint Upgrade Assistant 2.3.x Product Guide

McAfee Endpoint Security Threat Prevention Installation Guide - Linux

Installation Guide Revision B. McAfee Cloud Workload Security 5.0.0

McAfee Data Loss Prevention Endpoint

McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide

McAfee Rogue Database Detection For use with epolicy Orchestrator Software

McAfee Agent Interface Reference Guide. (McAfee epolicy Orchestrator Cloud)

McAfee Endpoint Security

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator 5.9.0)

Migration Guide. McAfee File and Removable Media Protection 5.0.0

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator)

McAfee File and Removable Media Protection Product Guide

McAfee Firewall Enterprise epolicy Orchestrator Extension

McAfee Investigator Product Guide

Product Guide. McAfee Endpoint Upgrade Assistant 1.4.0

McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0

Boot Attestation Service 3.0.0

McAfee Boot Attestation Service 3.5.0

McAfee Content Security Reporter 2.6.x Migration Guide

Migration Guide. McAfee Content Security Reporter 2.4.0

McAfee MOVE AntiVirus Installation Guide. (McAfee epolicy Orchestrator)

McAfee Content Security Reporter Release Notes. (McAfee epolicy Orchestrator)

McAfee Endpoint Security for Servers Product Guide. (McAfee epolicy Orchestrator)

McAfee MVISION Mobile Microsoft Intune Integration Guide

McAfee Host Intrusion Prevention 8.0

McAfee epolicy Orchestrator 5.9.1

Installing Client Proxy software

McAfee Endpoint Security for Servers Product Guide

Installation Guide Revision B. McAfee Active Response 2.2.0

McAfee Data Loss Prevention Endpoint

McAfee Application Control and McAfee Change Control Linux Product Guide Linux

Addendum. McAfee Virtual Advanced Threat Defense

McAfee MVISION Mobile epo Extension Product Guide

McAfee Policy Auditor Installation Guide

McAfee MVISION Mobile Microsoft Intune Integration Guide

McAfee Application Control Windows Installation Guide

Addendum. McAfee Virtual Advanced Threat Defense

McAfee SiteAdvisor Enterprise 3.5.0

McAfee Policy Auditor 6.2.2

McAfee MVISION Mobile Citrix XenMobile Integration Guide

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0

McAfee epolicy Orchestrator Software

McAfee MVISION Mobile IBM MaaS360 Integration Guide

McAfee Cloud Workload Security Product Guide

McAfee MVISION Mobile IBM MaaS360 Integration Guide

McAfee Change Control Linux Product Guide. (McAfee epolicy Orchestrator)

McAfee Change Control and McAfee Application Control 8.0.0

McAfee Application Control Linux Product Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Security for Linux Threat Prevention Interface Reference Guide

McAfee MVISION Mobile MobileIron Integration Guide

McAfee epolicy Orchestrator Installation Guide

McAfee Active Response 2.0.0

McAfee MVISION Mobile Silverback Integration Guide

McAfee Management of Native Encryption 3.0.0

Reference Guide. McAfee Security for Microsoft Exchange 8.6.0

Product Guide. McAfee Web Gateway Cloud Service

McAfee Threat Intelligence Exchange Installation Guide. (McAfee epolicy Orchestrator)

Product Guide. McAfee Web Gateway Cloud Service

Archiving Service. Exchange server setup (2010) Secure Gateway (SEG) Service Administrative Guides

McAfee MVISION Mobile AirWatch Integration Guide

McAfee Agent 5.6.x Product Guide

McAfee Cloud Identity Manager

Firewall Enterprise epolicy Orchestrator

McAfee Drive Encryption Client Transfer Migration Guide. (McAfee epolicy Orchestrator)

McAfee Cloud Identity Manager

McAfee Threat Intelligence Exchange Installation Guide

McAfee Cloud Identity Manager

McAfee Endpoint Security Installation Guide. (McAfee epolicy Orchestrator)

Product Guide. McAfee Content Security Reporter 2.4.0

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager

McAfee Data Exchange Layer Product Guide. (McAfee epolicy Orchestrator)

Release Notes - McAfee Deep Defender 1.0

McAfee Application Control Windows Installation Guide. (Unmanaged)

Migration Guide Revision B. McAfee Data Loss Prevention 10.x and 11.0

McAfee Cloud Identity Manager

Transcription:

Revision A McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

Contents 1 Installation overview 5 Which type of installation do you need?........................... 5 First-time installation workflow.............................. 7 Virtual environment installation workflow.......................... 8 Upgrade workflow.................................. 9 2 Planning your deployment 11 McAfee DLP Endpoint or Device Control options....................... 11 3 System requirements 13 4 Pre-installation tasks 17 Pre-installation tasks: first-time installation......................... 17 Download product extensions and installation files................... 17 Create end-user definitions............................ 18 Create permission sets............................. 19 Pre-installation tasks: upgrade............................. 19 5 Install software for the first time 21 Install the extension using Software Catalog (Software Manager)................. 21 Install the extension manually........................... 22 Install the DLP extension manually............................ 22 Install the McAfee DLP Endpoint or Device Control client software manually............. 22 Deploy the client to the endpoints.......................... 23 6 Upgrade to a new software version 25 Upgrade McAfee DLP Endpoint or Device Control client.................... 25 7 Post-installation tasks 27 Post-installation tasks: first time installation........................ 27 License McAfee DLP.............................. 27 Configure McAfee Behavioral Analytics and McAfee Skyhigh Security Cloud integration...... 28 Create and configure evidence folders....................... 30 Third party installation............................. 31 Post-installation tasks, upgrade installation......................... 32 Post-installation tasks: apply backward compatibility.................. 32 A Remove DLP software 33 Remove McAfee DLP Endpoint client software with McAfee epo................. 33 Remove McAfee DLP Endpoint client with DLP Help Desk.................... 33 Remove the McAfee DLP extension............................ 34 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 3

Contents 4 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

1 1 Installation overview Contents Which type of installation do you need? First-time installation workflow Virtual environment installation workflow Upgrade workflow Which type of installation do you need? Install McAfee Data Loss Prevention (McAfee DLP) software as a first-time installation or upgrade in McAfee epolicy Orchestrator (McAfee epo ) on an on-premises, VDI, or AWS server. Deploy the McAfee Device Control or McAfee Data Loss Prevention Endpoint (McAfee DLP Endpoint) client software as a first-time installation or upgrade on network endpoints. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 5

1 Installation overview Which type of installation do you need? McAfee DLP Endpoint software has two parts: McAfee DLP extension Installs in McAfee epo Defines rules and policies Monitors and analyzes incidents and operational events Manages cases 6 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

Installation overview First-time installation workflow 1 McAfee DLP Endpoint client Installs as a client in McAfee Agent on network endpoints Enforces rules and policies Collects evidence McAfee DLP Endpoint client software is available in two configurations: McAfee Data Loss Prevention and McAfee Device Control Protects against data loss through the broadest set of data-loss channels: removable devices, non-system hard disks, email or email attachments, web posts, clipboard or screen capture, printing, file system, and more. McAfee Device Control Protects against data loss by preventing unauthorized use of removable media devices. There is no difference in the installation between the configurations. Both client configurations are available for installation on Microsoft Windows and OS X or macos computers. First-time installation workflow Before you can install McAfee DLP for the first time, you must install and set up McAfee epo in the required configuration, and deploy McAfee Agent to the network endpoints. 1 Download the software from the McAfee DLP download site, or use the McAfee epo Software Manager to view, download, and install the software. In McAfee epo 5.10, the Software Manager is called Software Catalog. 2 Install the McAfee DLP extension in the McAfee epo Extensions. 3 Check the McAfee DLP Endpoint client package into the McAfee epo Master Repository. 4 Deploy McAfee Agent to the endpoints from the McAfee epo System Tree. 5 Deploy the client software to the endpoints from the McAfee epo System Tree. 6 Verify the installation in the DLP Operations console. DLP Operations is a feature of the McAfee DLP extension in McAfee epo. You must install at least one license on the DLP Settings page to use any of the McAfee DLP features. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 7

1 Installation overview Virtual environment installation workflow Virtual environment installation workflow McAfee DLP can be installed on Virtual Device Interface (VDI) environments. Installing McAfee DLP Endpoint in a virtual environment requires a McAfee epo server in the network in addition to the servers running Citrix XenApp, XenDesktop, or VMware Horizon software. 1 Download the software from the McAfee DLP download site. 2 Install the McAfee DLP extension in the McAfee epo Extensions. 3 Check the McAfee DLP Endpoint client for Windows package into the McAfee epo Master Repository. 4 Deploy the McAfee DLP Endpoint client to Citrix controllers for XenApp and XenDesktop, or to VMware Horizon, as to any endpoint. You don't need to deploy McAfee DLP Endpoint client to the network endpoints to work in a virtual environment. Citrix Receiver or VMware Blast installed on the endpoints is all that is required. 8 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

Installation overview Upgrade workflow 1 Upgrade workflow McAfee DLP Endpoint or Device Control client software is identical to first-time installation, except that McAfee DLP extension is already installed in McAfee epo and McAfee Agent is already installed on the endpoint. Upgrade the McAfee DLP extension in McAfee epo before upgrading the client software. Newer McAfee DLP extensions can manage older client versions by setting backward compatibility, but new client versions are only compatible with the matching extension version. 1 Download the software from the McAfee DLP download site, or use the McAfee epo Software Manager to view, download, and install the software. In McAfee epo 5.10 the Software Manager is named Software Catalog. 2 Check the McAfee DLP Endpoint client upgrade package into the McAfee epo Master Repository. 3 Deploy the client software to the endpoints from the McAfee epo System Tree. 4 Verify the installation in the DLP Operations console. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 9

1 Installation overview Upgrade workflow 10 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

2 2 Planning your deployment McAfee DLP Endpoint or Device Control options The McAfee DLP extension can run on physical or virtual servers. Large networks typically divide the workload by LAN or workgroup, and McAfee DLP can assign different policies to different groups. Reporting can be by group, or a rollup data server task can collect data from several servers to produce a single report. McAfee DLP supports multiple versions of McAfee DLP Endpoint with the backward compatibility option in DLP Settings. McAfee DLP Endpoint performs cryptographic operations in a way that is compliant with FIPS 140-2. Use settings in the Windows registry to turn FIPS 140-2 compliancy on and off. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 11

2 Planning your deployment McAfee DLP Endpoint or Device Control options 12 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

3 3 System requirements McAfee DLP extension McAfee DLP extension runs in McAfee epo on a server or VDI system with a Microsoft Windows Server operating system. Hardware and software details are given below. Table 3-1 Minimum requirements for running McAfee DLP extension Item Computer hardware McAfee epo Specifications CPU: Intel Pentium IV 2.8 GHz or higher RAM: 1 GB minimum (2 GB recommended) Hard disk: 80 GB minimum 5.3.3 HF1230649 5.9.1 5.10 Install the McAfee DLP extension in your existing McAfee epo version before updating to 5.10. Virtual operating systems Citrix XenDesktop VMware View McAfee Device Control and McAfee DLP Endpoint for Windows McAfee DLP Endpoint client and Device Control run on computers with the Windows or Windows Server operating systems. Hardware and software details are given below. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 13

3 System requirements Table 3-2 Minimum requirements for Windows endpoints Item Computer hardware Specifications CPU: Intel Pentium IV 1 GHz or higher RAM: 1 GB minimum (2 GB recommended) Hard disk: 300 MB minimum free disk space (500 MB recommended) McAfee Agent for Windows 5.0.6 5.5.0 5.5.1 Remote desktops Citrix XenApp Microsoft Remote Desktop McAfee Device Control and McAfee DLP Endpoint for Mac McAfee DLP Endpoint for Mac and Device Control for Mac run on computers with macos or OS X operating systems. Hardware and software details are given below. Table 3-3 Minimum requirements for Windows endpoints Item Computer hardware McAfee Agent for Mac Specifications CPU: Intel Pentium IV 1 GHz or higher RAM: 1 GB minimum (2 GB recommended) Hard disk: 300 MB minimum free disk space (500 MB recommended) 5.0.2.185 for OS X 5.0.4, 5.0.5, and 5.0.6 for macos 10.12 Sierra 5.0.6.347.1 for macos 10.13 High Sierra 5.5.1 for macos 10.14 Mojave Software that works with McAfee DLP McAfee DLP works in conjunction with both McAfee and third-party software in providing data protection. Table 3-4 Products that supply input for policy configuration Product Versions McAfee Behavioral Analytics McAfee Data Exchange Layer (DXL) 3.1, 4.0, 4.1, and 4.1.2 McAfee Threat Intelligence Exchange (TIE) 10.2.3 McAfee File and Removable Media Protection (FRP) 4.3.1 HF2, 5.0.5, 5.0.6 McAfee Skyhigh Security Cloud Boldon James Email and Office Classifier 3.11 Boldon James File Classifier 3.10.1 Microsoft Rights Management Service (RMS) client 1.0.2004.0, 1.0.3274.818 Seclore FileSecure Policy Server 2.78.0.0 Seclore Desktop Client 3.6.2 14 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

System requirements 3 Table 3-4 Products that supply input for policy configuration (continued) Product Versions Titus Classification Suite 4.7 HF 3 Titus SDK 3.1.13.4 Table 3-5 Products that can be specified in policies Product class Product Versions Browsers Google Chrome, 32-bit and 64-bit 68.0.3440.106 Microsoft Edge 38-41 Internet Explorer 11 Mozilla Firefox, 32-bit and 64-bit 48 58 Office applications Adobe Acrobat Pro X and XI Adobe Reader 11.0.10 and DC 2018.009.20044 Lotus Notes client software 8.5.3, 9.0.1 Microsoft Office, 32-bit and 64-bit 2010, 2013 SP1, 2016 Microsoft Outlook, 32-bit and 64-bit 2010, 2013 SP1, 2016 Microsoft SharePoint 2010, 2013, 2016 See also Pre-installation tasks: first-time installation on page 17 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 15

3 System requirements 16 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

4 Pre-installation 4 tasks Contents Pre-installation tasks: first-time installation Pre-installation tasks: upgrade Pre-installation tasks: first-time installation Before you begin McAfee DLP software requires a McAfee epo server. The type of server on-premises, VDI, or AWS doesn't matter. For details about product features, usage, and best practices, click? or Help. 1 Create end users and groups for administrative assignments. 2 Deploy McAfee Agent to the endpoints. s Download product extensions and installation files on page 17 Download the files for your installation. Create end-user definitions on page 18 McAfee DLP accesses Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) servers to create end-user definitions. Create permission sets on page 19 Permission sets define different administrative and reviewer roles in McAfee DLP software. You can assign permissions to view and save policies and view redacted fields, as well as assign role-based access control (RBAC). See also System requirements on page 3 Create end-user definitions on page 18 Create permission sets on page 19 Download product extensions and installation files Download the files for your installation. Before you begin Locate the grant number you received after purchasing the product. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 17

4 Pre-installation tasks Pre-installation tasks: first-time installation McAfee publishes BIOS images for the hardware appliances that contain the BMC firmware. Make sure that the server board is updated with the latest firmware published by McAfee. Contact Technical Support for the latest version of the firmware. All McAfee DLP products use the McAfee DLP extension for McAfee epo. Install DLP_Mgmt_version_Package.zip as your starting point. You can also use the McAfee epo Software Catalog on McAfee epo 5.10 (Menu Software Software Catalog) to view, download, and install the software. In McAfee epo 5.9 or earlier, select Software Manager (Menu Software Software Manager) to view, download, and install the software. 1 In a web browser, go to https://www.mcafee.com/us/downloads/downloads.aspx. 2 Click Download. Enter your grant number, then select the product and version. 3 On the Software Downloads tab, select and save the appropriate file. File description McAfee Data Loss Prevention extension Client software package for McAfee epo Client software StandAlone File name DLP_Mgmt_11.1_Package.zip HDLP_Agent_11_1_0_xxx.zip DLPAgentInstaller.x64.exe DLPAgentInstaller.x86.exe DLPAgentInstallWithLog.x64.bat DLPAgentInstallWithLog.x86.bat Create end-user definitions McAfee DLP accesses Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) servers to create end-user definitions. End-user groups are used for administrator assignments and permissions, and in protection and device rules. They can consist of users, user groups, or organizational units (OU), allowing the administrator to choose an appropriate model. Enterprises organized on an OU model can continue using that model, while others can use groups or individual users as needed. LDAP objects can be identified by name or security ID (SID). SIDs are more secure, and permissions can be maintained even if accounts are renamed. On the other hand, they are stored in hexadecimal, and have to be decoded to convert them to a readable format. For details about product features, usage, and best practices, click? or Help. 1 In McAfee epo, select Menu Data Protection DLP Policy Manager. 2 Click the Definitions tab. 3 Select Source/Destination End-User Group, then Actions New. 4 In the New End-User Group page, enter a unique name and optional description. 5 Select the method of identifying objects (SID or name). 18 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

Pre-installation tasks Pre-installation tasks: upgrade 4 6 Click one of the Add buttons (Add Users, Add Groups, Add OU). The selection window displays the selected type of information. The display might take a few seconds if the list is long. If no information appears, select Container and children from the Preset drop-down list. 7 Select names and click OK to add them to the definition. Repeat the operation as needed to add users, groups, or organizational users. 8 Click Save. See also Pre-installation tasks: first-time installation on page 17 Create permission sets Permission sets define different administrative and reviewer roles in McAfee DLP software. You can assign permissions to view and save policies and view redacted fields, as well as assign role-based access control (RBAC). DLP Administrators need permissions for Data Loss Prevention and DLP Help Desk Actions. Other permission sets are optional. For details about product features, usage, and best practices, click? or Help. 1 In McAfee epo select Menu User Management Permission Sets. 2 Select a predefined permission set, click New Permission Set to create a permission set, or Import to import a permission set. 3 In the Data Loss Prevention section, click Edit. a In the left pane, select a data protection module. Incident Management, Operational Events, and Case Management can be activated separately. Other options automatically create predefined groups. b c Edit the options and override permissions as needed. Policy Catalog has no options to edit. If you are assigning Policy Catalog to a permission set, you can edit the sub-modules in the Policy Catalog group. Click Save. 4 In the DLP Help Desk Actions section, click Edit. 5 Select the key or keys the administrator is allowed to generate. The Generate master response key option becomes available when at least one other key is selected. 6 Click Save. See also Pre-installation tasks: first-time installation on page 17 Pre-installation tasks: upgrade There are no specific pre-installation tasks for upgrade installation. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 19

4 Pre-installation tasks Pre-installation tasks: upgrade See also Upgrade workflow on page 9 20 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

5 Install 5 software for the first time Contents Install the extension using Software Catalog (Software Manager) Install the DLP extension manually Install the McAfee DLP Endpoint or Device Control client software manually Install the extension using Software Catalog (Software Manager) In McAfee epo 5.10, you can use Software Catalog to install, upgrade, and remove extensions. In McAfee epo 5.9 or earlier, select Software Manager to install, upgrade, and remove extensions. Before you begin Verify that the McAfee epo server name is listed under Trusted Sites in the Internet Explorer security settings. For details about product features, usage, and best practices, click? or Help. 1 In McAfee epo 5.10, select Menu Software Software Catalog. In McAfee epo 5.9 or earlier, select Menu Software Software Manager. 2 In the left pane, expand Software (by Label) and select Data Loss Prevention. 3 Select your McAfee DLP product. Select McAfee Data Loss Prevention and Device Control 11.1 The install package details display in the lower pane. 4 For all available software, click Check In. 5 Select the checkbox to accept the agreement, then click OK. The extension is installed. Extensions that are checked in appear in the Checked In Software list. As new versions of the software are released, you can use the Update option to update the extensions. s Install the extension manually on page 22 Install the extension using the Extensions page. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 21

5 Install software for the first time Install the DLP extension manually Install the extension manually Install the extension using the Extensions page. Before you begin Download the McAfee DLP extension from the McAfee download site. For details about product features, usage, and best practices, click? or Help. 1 In McAfee epo, select Menu Software Extensions, then click Install Extension. 2 Browse to the extension.zip file and click OK. The installation dialog box displays the file parameters to verify that you are installing the correct extension. 3 Click OK to install the extension. Install the DLP extension manually Before you begin Download the extension software from the McAfee download site or use the Software Manager (with the Download option). For details about product features, usage, and best practices, click? or Help. 1 In McAfee epo, select Menu Software Extensions, then click Install Extension. 2 Browse to the extension.zip file and click OK. The installation dialog box displays the file parameters to verify that you are installing the correct extension. 3 Click OK. The extension is installed. Install the McAfee DLP Endpoint or Device Control client software manually McAfee DLP clients are deployed from themcafee epo Master Repository. Before you begin Download the client software from the McAfee download site or use the Software Manager (with the Download option). 22 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

Install software for the first time Install the McAfee DLP Endpoint or Device Control client software manually 5 For details about product features, usage, and best practices, click? or Help. 1 In McAfee epo, select Menu Software Master Repository. 2 In the Master Repository, click Check In Package. 3 Select package type Product or Update (.ZIP), then click Browse. McAfee DLP clients are named \HDLP_Agent_[version number].zip. 4 Click Next. 5 Review the details on the Check in Package page, then click Save. The package is added to the Master Repository. 6 Deploy the clients to the endpoints with McAfee epo You can also deploy McAfee DLP Endpoint client software to your network using third-party enterprise software deployment tools. s Deploy the client to the endpoints. on page 23 Use McAfee epo to deploy the client software to the endpoints. Deploy the client to the endpoints. Use McAfee epo to deploy the client software to the endpoints. Before you begin The McAfee DLP Endpoint package must be installed in the McAfee epo Master Repository. For details about product features, usage, and best practices, click? or Help. 1 In McAfee epo, select Menu System Tree. 2 In the System Tree, select the level at which to deploy McAfee DLP Endpoint. Leaving the level at My Organization deploys to all workstations managed by McAfee epo. If you select a level under My Organization, the right pane displays the available workstations. You can also deploy McAfee DLP Endpoint to individual workstations. 3 Open the Client Builder wizard: a Click the Assigned Client s tab. b Select Actions New Client Assignment. The Client Builder wizard opens. 4 Fill in the Builder fields: a In the Product field, select McAfee Agent. b In the Type field, select Product Deployment. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 23

5 Install software for the first time Install the McAfee DLP Endpoint or Device Control client software manually 5 Click Create New. 6 In the Products and Components field, select Data Loss Prevention 11.1, then click Save. The Action field automatically resets to Install when you select the product. 7 Change the Schedule type to Run immediately, then click Next. 8 Review the task summary. When you are satisfied that it is correct, click Save. The task is scheduled for the next time the McAfee Agent updates the policy. To force the installation to take place immediately, issue an agent wake-up call. 24 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

6 Upgrade to a new software version Upgrade McAfee DLP Endpoint or Device Control client Upgrading the endpoint software is identical to initial installation, except that McAfee epo and McAfee Agent are already installed. Before you begin Download the software from the McAfee download site or use the Software Manager (with the Download option). Verify that the McAfee Agent version on your endpoints is compatible with the new client. Upgrade the McAfee DLP extension in McAfee epo before upgrading the client software. The McAfee DLP extension version must be the same or newer than the McAfee DLP Endpoint client version. For details about product features, usage, and best practices, click? or Help. 1 Install the McAfee DLP extension update manually or using the Software Manager. 2 In McAfee epo, select Menu Software Master Repository. 3 In the Master Repository, click Check In Package. 4 Select package type Product or Update (.ZIP), then click Browse. McAfee DLP clients are named \HDLP_Agent_[version number].zip. 5 Click Next. 6 Review the details on the Check in Package page, then click Save. The package is added to the Master Repository. 7 Deploy the clients to the endpoints with McAfee epo You can also deploy McAfee DLP Endpoint client software to your network using third-party enterprise software deployment tools. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 25

6 Upgrade to a new software version Upgrade McAfee DLP Endpoint or Device Control client 26 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

7 Post-installation 7 tasks Contents Post-installation tasks: first time installation Post-installation tasks, upgrade installation Post-installation tasks: first time installation For details about product features, usage, and best practices, click? or Help. 1 License and configure McAfee DLP in DLP Settings. 2 Create and configure evidence folders. s License McAfee DLP on page 27 Provide the license to access the McAfee DLP consoles. Configure McAfee Behavioral Analytics and McAfee Skyhigh Security Cloud integration on page 28 If you are working with McAfee Behavioral Analytics or McAfee Skyhigh Security Cloud do the following in DLP Settings. Create and configure evidence folders on page 30 Evidence is a copy of the file or email that triggers a security event. Create evidence storage folders and configure them with the required properties and security settings to make evidence available to the DLP Incident Manager. Third party installation on page 31 McAfee DLP integrates with several third-party software products. License McAfee DLP Provide the license to access the McAfee DLP consoles. You must enter at least one license key more if you have multiple McAfee DLP products. The licenses you enter determine which configuration options in McAfee epo are available to you. You can enter a license for either McAfee DLP Endpoint or Device Control in the McAfee DLP Endpoint field. Replacing one type of license with another changes the configuration. You can enter keys for these products: McAfee DLP Endpoint or Device Control McAfee DLP Discover McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 27

7 Post-installation tasks Post-installation tasks: first time installation McAfee Legacy Network DLP (9.3.x) McAfee DLP Prevent (10.x or later) This license also activates the McAfee DLP Prevent for Mobile Email software. McAfee DLP Monitor (11.x or later) The DLP Settings module has eight tabbed pages. Information about the General tab is required. You can use the default values or fields for most of the remaining settings if you don't have special requirements. The Interset section on the Advanced tab includes the server settings for McAfee Behavioral Analytics. The Skyhigh Server tab is used to set up integration with McAfee Skyhigh Security Cloud. For details about product features, usage, and best practices, click? or Help. 1 Select Menu Data Protection DLP Settings. 2 On the General tab in the License Keys Key field, enter the license key for each license that you want to add, then click Add. Installing the license activates the related McAfee epo components and McAfee epo Policy Catalog polices. 3 In the Default Evidence Storage field, enter the path. The evidence storage path must be a network path, that is \\[server]\[share]. This step is required to save the settings and activate the software. 4 Set the shared password. 5 Set the backward compatibility. Choose from one of the five options ranging from 9.4.0.0 to 11.0.0 and later compatibility. This setting limits the possibility of using new features. Two modes of compatibility are available: strict and non-strict. In strict mode, policies with backward compatibility errors cannot be applied. In non-strict mode, the policy owner, or a user with Administrator permissions, can choose to apply policies with backward compatibility errors. If you are using multiple client versions, set the compatibility to match the oldest client version in use. 6 Click Save. 7 To back up the configuration, select the Back Up & Restore tab, then click Backup to file. McAfee DLP modules appear in Menu Data Protection according to the licenses entered. Configure McAfee Behavioral Analytics and McAfee Skyhigh Security Cloud integration If you are working with McAfee Behavioral Analytics or McAfee Skyhigh Security Cloud do the following in DLP Settings. Steps 1 and 2 configure the McAfee Behavioral Analytics Reporting Service. The McAfee Behavioral Analytics Stream Nodes are configured in the McAfee DLP Windows Client Configuration in the Policy Catalog. Steps 3-9 configure the McAfee DLP connection to McAfee Skyhigh Security Cloud. 28 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

Post-installation tasks Post-installation tasks: first time installation 7 For details about product features, usage, and best practices, click? or Help. 1 On the McAfee epo menu, select Data Protection DLP Settings. 2 On the Advanced tab, in the Interset section do the following: a Select the Display risky users reported by Interset in Incident Manager checkbox. b c d Enter the URL of the McAfee Behavioral Analytics Reporting Service, for example https:// interset-reporting-service-hostname-or-ip. Enter a valid user name and password. The user name must be a valid user that can authenticate to the McAfee Behavioral Analytics system. To define users for the McAfee Behavioral Analytics system please refer to the McAfee Behavioral Analytics Administrator and User Guide. Click Test Connectivity to verify the connection. The message Test connectivity successful should appear. 3 On the Skyhigh Server tab, select the Connect to Skyhigh Cloud service checkbox. The Action buttons in the Skyhigh Server section are activated. 4 Enter the server path, user name, and password. 5 Click Test Connectivity. The Connection status indicator displays success or failure. 6 In the Modules section, do the following: To enable synchronization of McAfee DLP classifications, select the Push classification information to Skyhigh checkbox. To enable reporting McAfee Skyhigh Security Cloud incidents in DLP Incident Manager, select the Pull incidents from Skyhigh checkbox. To enable pushing a McAfee DLP policy to McAfee Skyhigh Security Cloud, select Push DLP policy to Skyhigh, and select the policy to synchronize from the drop-down list. You can manually synchronize classifications by clicking Sync Classifications. The Status section displays information on the synchronization: time of synchronization and number of classifications sent. You can manually push a policy by clicking Push DLP policy. The Status section displays results of these actions. 7 Click Save. 8 On the McAfee epo menu, select Automation Server s. 9 Locate the task DLP Import Skyhigh Events and click Edit. a On the Description page, in the Schedule status section, select Enabled. b c d On the Actions page, verify that the checkbox is selected. On the Schedule page, accept the default settings or edit as needed. On the Summary page, verify the settings, then click Save. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 29

7 Post-installation tasks Post-installation tasks: first time installation Create and configure evidence folders Evidence is a copy of the file or email that triggers a security event. Create evidence storage folders and configure them with the required properties and security settings to make evidence available to the DLP Incident Manager. Enabling evidence storage is the default condition for McAfee DLP Endpoint. Creating an evidence storage folder and specifying the UNC path to the folder are requirements for applying a policy to McAfee epo. The folder does not need to be on the same computer as the McAfee DLP Database server, but it is usually convenient to put it there. When more than one McAfee DLP product is installed in McAfee epo the UNC paths for the evidence folders are synchronized. For details about product features, usage, and best practices, click? or Help. 1 Create the evidence folder. We suggest the following folder paths, and folder names, and share names but you can create others as appropriate for your environment. c:\dlp_resources\ c:\dlp_resources\evidence The evidence storage path must be a network share, that is, it must include the server name. 2 In Windows Explorer, right-click the evidence folder and select Properties. 3 Click the Sharing tab, then click Advanced sharing. Select the Share this folder option. a Change the Share name to evidence$. Click OK. The $ ensures that the share is hidden. b Click Permissions and select Full Control for Everyone. Click OK twice. 4 Click the Security tab, then click Advanced. a On the Permissions tab, click Change Permissions then deselect the Include inheritable permissions from the object's parent option. A confirmation message explains the effect this change will have on the folder. b Click Remove. The Permissions tab in the Advanced Security Settings window shows all permissions eliminated. c d Click Add to select an object type. In the Enter the object name to select field, type Domain Computers, then click OK. The Permission Entry dialog box appears. e In the Allow column, select Create Files/Write Data and Create Folders/Append Data. Verify that the Apply onto option says This folder, subfolders and files, then click OK. The Advanced Security Settings window now includes Domain Computers. f Click Add again to select an object type. 30 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

Post-installation tasks Post-installation tasks: first time installation 7 g In the Enter the object name to select field, type Administrators, then click OK. The Permission Entry dialog box appears. h Set the required permissions. Adding administrators is optional, but can be added as a security precaution. Alternately, you can add permissions only for those administrators who deploy policies. 5 Click OK twice. The dialog box closes. Third party installation McAfee DLP integrates with several third-party software products. Third-party products require different installation/registration steps to work with McAfee DLP. Titus Classification Suite install the SDK on each endpoint. Boldon James Classifier install the API on each endpoint. Microsoft Rights Management Service (RMS) and Seclore FileSecure require setup in McAfee epo Registered Servers. For details about product features, usage, and best practices, click? or Help. 1 Perform these preliminary steps first: a Set up the RM servers and create users and policies. Obtain the URL and password for all servers - policy template, certification, and licensing. For Seclore, you need the Hot Folder Cabinet ID and passphrase, and information on advanced licenses, if any. b c Verify that you have permission to view, create, and edit Microsoft RMS and Seclore servers. In McAfee epo, select Menu User Management Permission Sets and verify that you belong to a group that has the required permissions in Registered Servers. Install Active Directory Rights Management Services Client 2.1 build 1.0.2004.0 on each endpoint using RM services. The Apply RM command doesn't work without this version of the RM client. 2 In McAfee epo, select Menu Registered Servers. 3 Click New Server. The Registered Servers description page opens. 4 From the Server type drop-down list, select the type of server you want to configure: Microsoft RMS Server or Seclore Server. 5 Type a name for the server configuration, then click Next. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 31

7 Post-installation tasks Post-installation tasks, upgrade installation 6 Enter the required details. When you have entered the required fields, click Test Connectivity to verify the data entered. RMS settings also include a DLP enforcement settings section. The Local path to RMS template field is optional, but the URL fields for certification and licensing are required unless you choose the AD auto-service discovery option. Seclore requires HotFolder Cabinet information, but additional license information is optional. 7 Click Save when you have completed the configuration. Post-installation tasks, upgrade installation Post-installation tasks: apply backward compatibility Backward-compatible policies allow you to use the latest McAfee DLP extension format with older McAfee DLP Endpoint and Device Control client versions. This feature provides large enterprises with an orderly upgrade path. Before you begin Client versions in the network must be 9.4.0 or later. To upgrade from McAfee DLP Endpoint client version 9.3.x, see KB85478. To upgrade policies, incidents, or operational events to work with the current McAfee DLP extension, use the DLP Policy Conversion, DLP incident migration, and DLP operational events migration server tasks. For details about product features, usage, and best practices, click? or Help. 1 In McAfee epo, go to Menu Data Protection DLP Settings. 2 On the General page, select the required setting from the drop-down list in the Backward Compatibility section. Settings are for client compatibility only. See also Upgrade workflow on page 9 32 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

A Remove DLP software Contents Remove McAfee DLP Endpoint client software with McAfee epo Remove McAfee DLP Endpoint client with DLP Help Desk Remove the McAfee DLP extension Remove McAfee DLP Endpoint client software with McAfee epo The preferred method for removing McAfee DLP Endpoint client is from McAfee epo. The details in this task description are for McAfee epo 5.9.x. The user interface in McAfee epo 5.10 is different, but the functionality is the same. For details about product features, usage, and best practices, click? or Help. 1 Open the McAfee epo System Tree (Menu Systems System Tree). 2 On the Assigned Client s tab select New Client Assignment. 3 In the to Schedule pane, select Product Deployment. Select the required Tags and Schedule Type, then click Create New. 4 In the Create New window, select the Target platform (Mac or Windows). 5 On the Products and components pane, use the drop-down list to select a product and specific version. Select Remove from the Action drop-down list. The product selected must match the target platform. 6 Run the client task. Remove McAfee DLP Endpoint client with DLP Help Desk McAfee DLP Endpoint client is protected from unauthorized removal. While it is typically uninstalled by an administrator using McAfee epo, there are situations where it needs to be uninstalled in the field using the Microsoft Windows Add or Remove Programs function. This can be done when a challenge/response (override) key has been issued. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide 33

A Remove DLP software Remove the McAfee DLP extension For details about product features, usage, and best practices, click? or Help. 1 Open the s page of the McAfee DLP Endpoint client DLP Endpoint Console. 2 Send the Identification Code and Revision ID to your McAfee DLP administrator. Do not close the s page until you receive and enter the Release Code. Click Start Bypass. 3 Remove the software using Microsoft Windows Add or Remove Programs in the usual manner. Remove the McAfee DLP extension 1 In McAfee epo, go to Menu Software Extensions. 2 From the extensions list in the left-hand pane, select Data Loss Prevention. 3 Click Remove, then verify in the Remove Extension window by clicking OK. 34 McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

A00

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback