How to block classified file access by Safari using Data Loss Prevention Endpoint

Technical Articles ID: KB93496
Last Modified: 12/22/2021

Environment

McAfee Data Loss Prevention (DLP) Endpoint 11.x

Apple macOS

For details of DLP Endpoint supported platforms, see KB68147.

Summary

Safari uses a helper process called com.apple.Webkit.Networking for web file uploads.

You can prevent Safari from accessing classified files on macOS file system as follows:

Add the Executable File Name as com.apple.Webkit.Networking in the Application Template.
Use the Application File Access Protection Rule.

To create an Application File Access Protection Rule for Safari:

Log on to the ePO console.
Go to Menu, Data Protection, and select DLP Policy Manager.
Under Rule Sets, click the Rule Set that needs to be used.
On the DLP Rule Set page, select the Data Protection tab.
From the Actions drop-down list, select New Rule, Application File Access Protection.
On the Application File Access Protection page:
1. Enter a Rule Name.
2. Set the State to Enabled.
3. Set the Severity according to your requirement.
4. Select McAfee DLP Endpoint for Mac OS under Enforce On.
5. On the Condition tab, click the three dots next to Classification.
6. Select the Classification and End-User of your choice.
7. Click the three dots next to Applications and click New Item.
8. Enter the Application Template name and leave the rest to its default.
9. Under the Available Properties section, select the Property Executable File Name.
10. Set the Value as com.apple.Webkit.Networking and click Save.
11. Select the Application Template name that was saved in the previous step and click OK.
12. On the Reaction tab, set the following:
  1. Set the Action to Block.
  2. Click the three dots next to the User Notification and select a notification from the list. Click OK.
  3. Select the Report Incident checkbox and select the Store original file as evidence if you want to store evidence files.
  4. Click Save and Close.
Apply the rule set to a new policy and assign the same to the endpoints systems. com.apple.Webkit.Networking is a helper process used by Safari to perform web file uploads. According to the above DLP Application File Access Protection Rule, it blocks the Classified files accessed by com.apple.Webkit.Networking.
Apply the policy changes through the Policy Assignment.

Affected Products

Data Loss Prevention Endpoint 11.6.x
Data Loss Prevention Endpoint 11.4.x (EOL)

Languages:

This article is available in the following languages:

English United States
Spanish Spain
French
Italian
Portuguese Brasileiro

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

Knowledge Center

How to block classified file access by Safari using Data Loss Prevention Endpoint

Environment

Summary

Affected Products

Languages:

Glossary of Technical Terms

Title

Title

Knowledge Center

How to block classified file access by Safari using Data Loss Prevention Endpoint

Environment

Summary

Affected Products

Languages:

Glossary of Technical Terms

Choose your region

Title

Title