Knowledge Center

How to monitor files copied to CD/DVD-R/W devices using Data Loss Prevention Endpoint 9.3.x
Technical Articles ID:   KB81602
Last Modified:  4/7/2014


McAfee Data Loss Prevention Endpoint (DLPE) 9.3.x


Use the following steps to monitor when an application is being used to potentially place files on a CD-R/W or DVD-R/W disc:

  1. In the DLPE policy console navigation pane, click Content ProtectionProtection Rules. The available protection rules display in the right pane.
  2. Click Add NewApplication File Access Protection Rule.
  3. Rename the rule to something that will help you recognize its specific function.
  4. Double-click the rule icon and follow these steps in the wizard:
    Step Action
    1. Select one or more application definitions from the available list. You can include or exclude definitions.
    2. Click Add item to create a new application definition.
    3. Click Next

      NOTE: You must select at least one application definition, and that definition must not have the Explorer or Trusted strategy. An error message is generated if you violate this rule. In this case, select Media Burner Applications and Windows CD Burner. If necessary, add or use your own Application Definition as well, or update the Application Definitions for Media Burner Applications and/or Windows CD Burner to include the applications used in your environment to burn CD/DVD discs.
    1. Select available tags or content categories to be included or excluded from the rule. You must include at least one tag or content category to use the exclude
      tag option.
    2. Click Add item to create a new tag.
    3. Click Next.
    3 (optional)
    1. Click the Select from list option, then select file types from the available list.
      NOTE: Use the Other File Types option to select unlisted (unknown) file types.
    2. Click Next.
    4 (optional)
    1. Click the Select from list option, then select file extensions from the available list.
    2. Click Next.

      NOTE: The extensions .dll and .exe are preselected as Exclude. This is because certain applications open many such files, and including them can cause a serious deterioration in performance. You can deselect the exclusion for greater protection, but be aware of the potential performance tradeoff.
    5 (optional)
    1. Select a document properties definition or definition group from the available list. You can include or exclude definitions.
    2. Click Add item to create a new document properties definition (or Add group to create a new document properties group).
    3. Click Next.
    1. Select actions from the available list. By default, selecting an action selects both Online and Offline.
    2. Deselect Online or Offline as required.

      The only options for application file access rules are Monitor, Notify User, and Store Evidence. If you select Monitor, click Severity to modify the value.
    7 (optional)
    1. Select one or more assignment groups, or define a new group by clicking Add.
    2. Click Finish.

  5. To activate the rule, right-click the protection rule icon and select Enable.

    NOTE: This rule will trigger if the applications defined have accessed files with the Tags or Content Categories configured. It does not require the media be set to finalize or burn to trigger.

Rate this document


This article is available in the following languages:

English United States

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.