Documentation Correction: File and Removable Media Protection 5.0.0 Product Guide
Technical Articles ID:   KB85877
Last Modified:  12/27/2017

Environment

McAfee File and Removable Media Protection (FRP) 5.0.0

For details of FRP supported environments, see KB81149.

Summary

This article provides updates and corrections to the FRP 5.0 Product Guide, PD26185.

Problem

All documentation issues listed in this field are addressed in the FRP 5.0.2 Product Guide. For details, see PD26598.

Documentation mistake 1
The description of the following policy options for Cloud Sync folder under the Location based Protection policy is incorrect (Page 38 of the document).
 
Existing documentation content
Allow-Level message - Displays the message on the client message, if at least one protection level is set to Allow Encryption or Enforce Encryption. It is also displayed on the client system when a policy is change and the related cloud provider is detected.
 
Enforce-Level message - Displays the message on the client message, if at least one protection level is set to Allow Encryption or Enforce Encryption. It is also displayed on the client system when a policy is change and the related cloud provider is detected.
 
Documentation correction 1
Allow-Level message - If Allow Encryption protection level is selected for any of the Cloud providers, the text configured as part of this field is appended to the introductory message (followed by the Enforce-Level message if relevant), and a consolidated message is shown with the details of the associated cloud providers.

Enforce-Level message - If Enforce Encryption protection level is selected for any of the Cloud providers, the text configured as part of this field is appended to the introductory message (and Allow-Level message if relevant), and a consolidated message is shown with the details of the associated cloud providers. 
 
 
Documentation mistake 2
Under the Prerequisites section in FIPS Certification (page 59), the statement provided is misleading, and the link to a related Knowledge Base article is incorrect (KB834483).

Existing documentation content
 
Prerequisites

Depending on compliance requirements mandated by your auditor, you might have to meet certain conditions to run FRP in FIPS mode.
  • McAfee ePO must be installed in FIPS mode. For more information, refer to the Knowledge Base article KB834483.
  • The operating system on the client where FRP is installed must be running in FIPS mode. For more information, refer to the Knowledge Base article KB834483.
 
Documentation correction 2
Prerequisites

The FRP client package must be installed on the client in FIPS mode.
Depending on compliance requirements mandated by your auditor, you might also have to meet other conditions to run FRP in FIPS mode.
  • McAfee ePO might have to be installed in FIPS mode.
  • The operating system on the client where FRP is installed might have to run in FIPS mode.
    For more information, see the Knowledge Base article KB83483.
 
Documentation omission 3:
A statement was omitted from the end of the "How policy assignment rules work" section on page 46, relating to constraints that apply to the Mac (OS X) client.

Documentation correction 3:
For FRP OS X clients, Policy Assignment Rules can be used only for system-specific assignments. User Based Policies are not supported on FRP OS X 5.0 clients.
 
Documentation omission 4:
A section was omitted from the Product Guide describing administrator helpdesk recovery for Removable Media.

Documentation correction 4:
Administrator assisted helpdesk recovery for Removable Media and Optical Media devices.

If end users forget their password, they can use a helpdesk-assisted challenge and response mechanism to reset encrypted removable media and recover data from optical media. The recovery process can be used both onsite and offsite (even on endpoints without the software installed). This feature is enabled by default.

NOTES: 
  • Helpdesk recovery for Removable Media devices is the only recovery option available with FRP OS X clients.
  • Helpdesk recovery for Optical Media devices was introduced with v5.0.1, and is only available on Windows platforms.

End users who forget their authentication credentials can initiate recovery in either of two ways:
  • Click Forgot Password on the Authentication window.
    OR
  • Click Recover media under the Removable Media section from the FRP client console (Windows clients only).
 
A challenge code (with the phonetics) is displayed to the end user with a recovery message that is customizable by the Administrator. The end user can now contact the helpdesk with the challenge code.

As an ePO user, your FRP Recovery permission set must be set to Manage Recovery to be able to generate a response code for end users.
  1. In ePO, click Menu, Data Protection, FRP Recovery.
  2. Depending on the type of media to be recovered, select the Removable Media Recovery or Optical Media Recovery tab.
  3. In the Challenge Code field, type the code provided by the end user. The system automatically starts matching and filtering against the known entries once 12 characters have been entered, which speeds up the recovery process. With Removable Media Recovery, you can also speed up the lookup by selecting vendor and product filters.

    NOTE: For the recovery information to be available on ePO, events generated at the time of initialization of the removable media or optical media device on the FRP client must have been sent and processed by ePO. This automatically occurs at the next client ASCI.
     
  4. When a match of the challenge code with the available database has been established, details such as user name (user who initialized the device), device size, and last access time, are displayed to help verify the caller’s identity.
  5. Click Recover to generate a response code. Read out the response code to the end user. Depending on the type of media and the applied policy, the user might be asked to reset the authentication credentials after entering the response code. For Removable Media Recovery, end users are asked to reset their authentication credentials to complete the recovery process. For Optical Media Recovery, the media is unlocked to enable data recovery.
  6. An ePO Audit Log entry is generated with details of the ePO user or administrator who generated the response code and the end user for whom the code was generated. An event is also generated for Recovery/Credential Change when the operation is performed on an FRP client.

    NOTE: The event for Recovery/Credential Change on FRP client was introduced in FRP 5.0.1, and is generated only for FRP Windows clients.

Problem

Documentation mistake
The description of the following policy options for Advanced Debug Options under the Encryption policy options is incorrect (Page 36).

Existing documentation content
Advanced Debug Options - Specify the elements to exempt the device inserted by the user for better security.

Documentation correction
Advanced Debug Options - This setting allows certain specific features or workflows in the product to be enabled or disabled on the client. For details, see KB83461.

NOTE: As of FRP 5.0.2, this policy option was renamed to Advanced Configuration Options.

Solution

Issues covered in the Problem 1 field are resolved in the FRP 5.0.2 Product Guide (PD26598)
