Safari uses a helper process called
com.apple.Webkit.Networking for web file uploads.
You can prevent Safari from accessing classified files on macOS file system as follows:
- Add the Executable File Name as com.apple.Webkit.Networking in the Application Template.
- Use the Application File Access Protection Rule.
To create an
Application File Access Protection Rule for Safari:
- Log on to the ePO console.
- Go to Menu, Data Protection, and select DLP Policy Manager.
- Under Rule Sets, click the Rule Set that needs to be used.
- On the DLP Rule Set page, select the Data Protection tab.
- From the Actions drop-down list, select New Rule, Application File Access Protection.
- On the Application File Access Protection page:
- Enter a Rule Name.
- Set the State to Enabled.
- Set the Severity according to your requirement.
- Select McAfee DLP Endpoint for Mac OS under Enforce On.
- On the Condition tab, click the three dots next to Classification.
- Select the Classification and End-User of your choice.
- Click the three dots next to Applications and click New Item.
- Enter the Application Template name and leave the rest to its default.
- Under the Available Properties section, select the Property Executable File Name.
- Set the Value as com.apple.Webkit.Networking and click Save.
- Select the Application Template name that was saved in the previous step and click OK.
- On the Reaction tab, set the following:
- Set the Action to Block.
- Click the three dots next to the User Notification and select a notification from the list. Click OK.
- Select the Report Incident checkbox and select the Store original file as evidence if you want to store evidence files.
- Click Save and Close.
- Apply the rule set to a new policy and assign the same to the endpoints systems. com.apple.Webkit.Networking is a helper process used by Safari to perform web file uploads. According to the above DLP Application File Access Protection Rule, it blocks the Classified files accessed by com.apple.Webkit.Networking.
- Apply the policy changes through the Policy Assignment.
