Revision A McAfee Data Loss Prevention 10.0
Release to Support: 29th August 2017Release NotesRevision AMcAfee Data Loss Prevention 10.0.300ContentsAbout this releaseWhat's newResolved issuesInstallation informationKnown issuesGetting product information by emailFind product documentationAbout this releaseThis document contains important information about the current release. We recommend that you read thewhole document.Release build McAfee Data Loss Prevention (McAfee DLP) 10.0.300 (10.0 Patch 3) software includes: McAfee DLP extension for McAfee ePolicy Orchestrator (McAfee ePO ) build 10.0.300.16 McAfee Data Loss Prevention Endpoint (McAfee DLP Endpoint) client for Windows build 10.0.300.682 McAfee Data Loss Prevention Discover (McAfee DLP Discover) Server 10.0.300.11 McAfee Help Desk build 2.0.0.131 This release was developed for use with:1
Release to Support: 29th August 2017McAfee productTested versionsMcAfee ePO 5.1.3 5.3.2 hotfix 1144868 5.9McAfee Agent 4.8 Patch 3 5.0.5 5.0.6McAfee Application Control7.0.1 and 8.0.0.651McAfee Client Proxy2.3.1McAfee Data Exchange Layer (DXL)3.0.1 and 3.1.0McAfee Threat Intelligence Exchange (TIE) for Endpoint Security1.3 and 10.2.2McAfee Drive Encryption7.1.3 and 7.2.1McAfee Endpoint Security10.2.1 and 10.5.1McAfee File and Removable Media Protection (FRP)4.3.1.Hotfix 2, 5.0.2, and 5.0.3McAfee Host Intrusion Prevention8.0 Patch 8 and Patch 9McAfee Management of Native Encryption (MNE)4.1.1McAfee Policy Auditor6.2.2McAfee Risk Advisor2.7.2McAfee Rogue System Detection (RSD)5.0.4 and 5.0.5McAfee SiteAdvisor Enterprise3.5.5McAfee Virtual Technician8.1.0McAfee VirusScan Enterprise8.8 Patch 8 and Patch 9 McAfee DLP Endpoint is also compatible with the latest release of the WebMER tool.For information about supported platforms, environments, and operating systems for McAfee DLP Endpoint,see KB68147.Tested softwareMcAfee DLP supports the following third-party software products. The versions listed have been tested forcompatibility with this release.Application TypeSoftwareTested VersionsCloud applicationsBox4.0.78Dropbox32.4.23Google Drive3.35iCloud6.2.2Microsoft 20Microsoft Active DirectoryRights Management Service(AD RMS)2008, 2012Seclore FileSecure PolicyServer2.78.0.0Security and encryptionapplications2
Release to Support: 29th August 2017Application TypeOffice and productivityapplicationsSoftwareTested VersionsSeclore Desktop Client2.56.4Stormshield Data Security9.1.20688Titus Classification Suite4.7 HF 3Titus SDK3.1.9.9TrueCrypt7.0.1Adobe Acrobat ProX and XIAdobe Reader11 and DCGoogle Chrome, 32-bit and64-bit37.0.2062.103-60.0 (not including 54.x)Lotus Notes client software8.5.3 and 9.0.1Microsoft EdgeMicrosoft Edge 40.15063.0.0 for RS2 isnot supported. See KB89089Internet Explorer11Microsoft Office, 32-bit and64-bit2010, 2013 SP1, and 2016Microsoft Outlook, 32-bit and64-bit2010, 2013 SP1, and 2016Microsoft SharePoint2010, and 2013Mozilla Firefox, 32-bit48–53PurposeThis release resolves the cross-site scripting (XSS) vulnerability issue. It also adds enhancements and fixesproblems that were reported in the previous version.Rating — MandatoryMandatoryCriticalHigh PriorityRecommended Required for all environments. Failure to apply Mandatory updates might result in a security breach. Mandatory patches and hotfixes resolve vulnerabilities that might affect product functionality andcompromise security. You must apply these updates to maintain a viable and supported product.For more information, see KB51560.What's newThe current release of the product includes these enhancements and changes.Windows client configuration enhancements The Timeout Strategy setting on the Windows client policy Removable Storage Protection page sets a timeout valuefor removable storage protection rules, and the default action if the timeout is exceeded. The Plug and Play page in the Windows client policy sets plug and play device rule blocking for iPhones. Theoptions are block both storage and charging, or block storage but allow charging.3
Release to Support: 29th August 2017DLP Chrome extensionWhen supported Chrome versions are not updated in the client policy, the DLP Chrome extension blocks fileuploads and monitors text uploads.Advanced pattern definition enhancementCase sensitive expressions are now supported by Advanced Pattern definitions.Diagnostic tool installed as part of McAfee DLP EndpointThe McAfee DLP Diagnostic Tool enables IT and DLP Operations engineers to troubleshoot and collectdiagnostic information from the McAfee DLP Endpoint client. It is now part of the DLP installation package, andis located in the \Program Files\McAfee\DLP\Agent\DiagTool\ folder.Resolved issuesThe current release of the product resolved these issues. For a list of issues fixed in earlier releases, see theRelease Notes for the specific release.Table 3-1 McAfee DLP extension for McAfee ePO resolved issuesReferenceIssue descriptionCVE-2017-3948The cross-site scripting (XSS) vulnerability in the Case Management and Incident Managerpages has been fixed.1122971The Product properties for the DLP Endpoint section of the McAfee ePO System Tree SystemsInformation Products page now display all properties, not just Product Version, Language,and Hotfix/Patch Version.1127675When a user belongs to multiple domains, McAfee Agent can now correctly parse McAfeeDLP 9.4 events and send them to McAfee ePO.1128959McAfee DLP Endpoint discovery incidents can now be rolled up.1131359McAfee DLP Endpoint Discovery summary reports and dashboards now include the MAproperties computer name and agent GUID.1143599The feature degradation of Device Control properties was fixed. Duplicate value checking for device parameters has been restored — the same valuecannot be added twice to the same property. The Instance ID value can be up to 150 characters.41143705Removable storage protection rules now support a timeout parameter that can beconfigured in the Windows client configuration. The DLP Administrator can set the defaultaction if the timeout is exceeded.1151821The PluginUTCTime, PlugDurationInSec, and PluginLocalTime parameters in the McAfee DLProllup reports can now be accessed in the McAfee ePO Query Builder.1156561Drilling down into an incident from McAfee ePO Queries and Reports now displays the sameproperties that are displayed in the incident in the DLP Incident Manager.1160509Console no longer slows down when running McAfee DLP queries.1175169Importing dictionaries with UTF8 (double byte) characters now has the same limit as ASCIIdictionaries (20,000 entries).1176691When incident reviewer permissions are assigned to AD groups, McAfee DLP now correctlymaps the reviewer ID so that members of the group can view the assigned incidents.1178131McAfee DLP queries do not cause high CPU usage in the SQL server.1178434Whitelisted URLs can now begin with a number (for example, http://126.com).
Release to Support: 29th August 2017Table 3-1 McAfee DLP extension for McAfee ePO resolved issues (continued)ReferenceIssue description1178714Total content size column is displayed correctly in reports and in the DLP IncidentManager.1180655One-to-many columns filter performance has been improved. Filtered incidents now aredisplayed correctly. All options, including next page, are displayed correctly.1181605Filtered incidents are displayed correctly. All options, including next page, are displayedcorrectly.1181801You can now save a policy with duplicate device instance IDs.1182201Nvarchar values no longer overflow integer columns.1184633Batch files and shell scripts now run without halting when McAfee DLP Endpoint client isinstalled.1186011McAfee DLP queries consistently return results. The issue of McAfee ePO timing out isresolved.1186621The Group by display in the DLP Incident Manager now works with dynamically assignedpermissions as well as manually assigned permissions.1187322On the Edit Filter Criteria page, when Rule Set Name is selected as the filter criteria, the Choosefrom Existing Values window displays all rule sets, including those that have not generatedany incidents. This is a change from the previous behavior where only rule sets for existingincidents were displayed.1187472Using a device definition with a vendor ID (VID) and description, but no product ID (PID),no longer sends the McAfee DLP Endpoint client a faulty policy.1187858, 1186545 When classification name is used in filters, all incidents are displayed. The issue of missingincidents is resolved.1187882The Set Properties dialog box in the DLP Incident Manager loads promptly. The underlyingproblem was an issue in generating the authorized reviewers list.1193517The event parser no longer throws query timeout errors. Events are being sent only afterdetecting a change in user session information. This minimizes the number of events, andprevents the timeout errors.1198207The mail notification task no longer fails when the recipient is a manager or user.1198942Incident file names and links to files are now preserved when upgrading from McAfee DLP9.4.x to 10.0.x.1202414On the Incident Tasks Set Reviewer page, selecting a user group in a set reviewer rule nowdisplays the available user groups.1204792Incident migration now works properly. The issue occurred when migrating device plug-inor unplug events with USB type (USB class) values greater than 127.1204847, 1207510 Match count information on the DLP Incident Manager Evidence page in McAfee ePO displaysthe highlighted text with matched text. The authorization error message is not displayed.1205791Case Management displays all new and previously added cases including McAfee DLPPrevent incidents, which have no user information.Table 3-2 McAfee DLP Endpoint client for Windows resolved issuesReferenceIssue description1092684Large files copied to removable storage are now blocked. The issue was resolved by addingvariable timeout support and default action options to the removable storage clientconfiguration.1124789McAfee DLP Endpoint now correctly identifies web-post sites as blacklisted or notblacklisted.1131356McAfee Agent now sends the computer name and Agent GUID as MA properties.5
Release to Support: 29th August 2017Table 3-2 McAfee DLP Endpoint client for Windows resolved issues (continued)ReferenceIssue description1160275Web application pages now load correctly. The issue was resolved by a change in theMcAfee DLP Endpoint Internet Explorer URL monitor.1168314Microsoft Outlook no longer stops receiving emails after McAfee DLP Endpoint runs anemail discovery scan. Information about scanned messages is now written to a localdatabase file rather than to the email properties.1168337Application file access protection rules now work correctly with QQ instant messaging. Theissue was caused by QQ using LoadLibrary API. McAfee DLP Endpoint now checks that thefile is opened as a data file in LoadLibrary.1169246When an Entrust encrypted email is sent to a recipient with an unknown certificate,cancelling the send command no longer sends it unencrypted.1170662The Show end-user notification. option on the Removable Storage Protection page of the Windowsclient configuration now works properly. When deselected, no notification is displayed.1174397Shutting down a VDI client running on XenDesktop 7.8 does not cause a blue screen. Theissue was resolved by changing the order in which McAfee DLP Endpoint checks problemcodes to see if it is disabling devices.1174752The block action in clipboard protection rules containing a dictionary classification with acapitalized word in Cyrillic now blocks content.1175587The user is no longer blocked when inserting a plug-and-play device if the device rulecontains a serial number and user pair exception.1176548McAfee DLP Endpoint now works with the UniAccess application, and does not preventMicrosoft Word, Internet Explorer, or Google Chrome from launching.1176600The short match string filter now works for double-byte characters.The issue was resolved by changing the escaping mechanism for illegal XML characters. Thismeans that the resolution isn't retroactive. Data stored in the database using earlier versionscan't be processed.61177242fcagchrome.dll and fcagchrome64.dll are not injected in Google Chrome in Device Controlmode.1177547Application file access protection rules now work correctly with wandoujia.exe mobilephone data transfer.1179101Web application content fingerprinting now works in SharePoint.1181320,1183770Plug and Play device rules can now successfully block Apple devices using the WindowsPortable Devices built-in definition.1181651Internet Explorer no longer stops responding when browsing an internal website.1181824After upgrading from McAfee DLP Endpoint 9.4 to 10.0, a new user can log on withoutproblems. The issue of the logon failing has been resolved.1184209Plug and Play device rules and removable storage device rules can now successfully blockApple devices using the Apple vendor ID 05ac when there are no iTunes or official Appledrivers.1183772Logging off from a VDI client when using a managed USB hub does not cause the McAfeeDLP service to stop responding. The issue was resolved by changing the order in whichMcAfee DLP checks problem codes to see if it is disabling devices.1194171Issues with Google Chrome 58.0.3029.81 have been resolved. Chrome no longer stopsresponding when McAfee DLP Endpoint client is installed.1183823McAfee DLP Endpoint running in Device Control and content-aware removable storageprotection (without tag support) mode no longer accesses network shares. The mechanismfor refreshing drives has been changed.1187886BMC-based web apps now load correctly when McAfee DLP Endpoint is installed.
Release to Support: 29th August 2017Table 3-2 McAfee DLP Endpoint client for Windows resolved issues (continued)ReferenceIssue description1189721If you install Microsoft Office 365 on a system where McAfee DLP Endpoint is currentlyinstalled, the Office 365 installer now runs without failing.1192022A user not working on the corporate LAN is no longer blocked when inserting aplug-and-play device, if the device rule contains a serial number and user pair exception.1195368Tags are now preserved when tagged files are compressed (zipped), even when compresseda second time.1197145Large files copied to removable storage are now blocked. The issue was resolved by addingvariable timeout support and default action options to the removable storage clientconfiguration.1198717Internet Explorer 11 now prints from all websites. The issue of an internal error preventingprinting was resolved. The root cause was the wrong file handle being used when thehandle was duplicated.1202290Google Chrome V60 now responds normally when McAfee DLP clipboard protection isenabled. The issue was resolved by changing the hooking mechanism.Table 3-3 McAfee DLP Discover resolved issuesReference Issue description1166904The McAfee DLP Discover data inventory option is now available in the query builder afterupdating the software.1202650File names of matched files are now updated correctly when running a Box remediation scan andapplying RMS encryption.1202801McAfee Agent now correctly sends incidents and operational events when running remediationscans.1202800SharePoint remediation scans now correctly record incidents and operational events.1202802CIFS scans now match short match strings.1203099When setting the server configuration for Box in the Policy Catalog, the Keep version history whenencrypting files and Use trash when deleting files controls now work properly.1203203You can now edit a rule to apply a Rights Management (RM) policy by changing the selectedtemplate.1203093A Box protection rule with classification Any data now returns the list of incidents when grouped byclassification in the DLP Incident Manager. (The list appears under the heading No Value.)1203393The Data inventory link from the Data Analytics classification filter now works properly.1203413The Modify anonymous share to login required Box rule action now requires the File sharing condition tobe only Anonymous (Internal / External).1205088Remediation scans with Move and Copy or Move and Apply RM actions now create placeholder filesfor the moved files.1205811Short match string and all other expected fields now appear when McAfee DLP Discover incidentsare assigned to Case Management.Table 3-4 Diagnostic tool resolved issuesReference Issue description1193416The DLP Diagnostic Tool can now display the exact text fragment that triggers tagging. Thisfeature can be used to create text whitelists when tagging is too sensitive ("tag infection").7
Release to Support: 29th August 2017Installation informationFor information about installing or upgrading McAfee DLP 10.0.300 (10.0 Patch 3) software, see the McAfee DataLoss Prevention 10.0.x Product Guide.Known issuesFor a list of known issues in previous releases, see these McAfee KnowledgeBase articles. For the McAfee DLP extension for McAfee ePO: KB87578 For McAfee DLP Endpoint: KB87188 For McAfee DLP Discover: KB87580Getting product information by emailThe Support Notification Service (SNS) delivers valuable product news, alerts, and best practices to help youincrease the functionality and protection capabilities of your McAfee products.To receive SNS email notices, go to the SNS Subscription Center at https://sns.secure.mcafee.com/signup loginto register and select your product information options.Find product documentationOn the ServicePortal, you can find information about a released product, including product documentation,technical articles, and more.Task1Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.2In the Knowledge Base pane under Content Source, click Product Documentation.3Select a product and version, then click Search to display a list of documents.Copyright 2017 McAfee, LLCMcAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Othermarks and brands may be claimed as the property of others.A00
McAfee Management of Native Encryption (MNE) 4.1.1 McAfee Policy Auditor 6.2.2 McAfee Risk Advisor 2.7.2 McAfee Rogue System Detection (RSD) 5.0.4 and 5.0.5 McAfee SiteAdvisor Enterprise 3.5.5 McAfee Virtual Technician 8.1.0 McAfee VirusScan Enterprise 8.8 Patch 8 and Patch 9 McA
4 From McAfee.com, copy the McAfee ePO software to the virtual McAfee ePO server. 5 From the McAfee ePO server, run the setup utility. 6 Using a remote browser, log on to McAfee
McAfee Firewall Enterprise Control Center Release Notes, version 5.3.1 McAfee Firewall Enterprise Control Center Product Guide, version 5.3.1 McAfee Firewall Enterprise McAfee Firewall Enterprise on CloudShield Installation Guide, version 8.3.0 McAfee Network Integrity Agent Product Guide, version 1.0.0.0
What is McAfee DLP?.13 Key features.14 How it works.14 McAfee DLP Endpoint and McAfee Device Control — Controlling endpoint content and removable media . Whitelisted text.129 Create and configure classifications.129 Create a classification.129 Create classification criteria.130 McAfee Cloud Data Protection Beta .
McAfee ePolicy Orchestrator web API Scripting Guide McAfee ePolicy Orchestrator Log File Reference Guide These guides are available from the McAfee Support Website. Preface About this guide 8 McAfee ePolicy
the McAfee Firewall Admin Console client software, the hardware or virtual platform for running the firewall software. Configuration B. comprises: the McAfee Firewall Enterprise software, including its SecureOS operating system, the McAfee Firewal
McAfee, Inc. McAfee Firewall Enterprise 4150E Hardware Part Number: NSA-4150-FWEX-E Firmware Versions: 7.0.1.03 and 8.2.0 FIPS 140-2 Non-Proprietary Security Policy FIPS Security Level: 2 Document Version: 0.6 Prepared for: Prepared by: McAfee, Inc. Corsec Security, Inc. 282
2.2 McAfee Application Control Configuring McAfee Application Control 10 Commissioning Manual, 07/2011, A5E03658595-01 2.2 McAfee Application Control McAfee Application Control can be used to block execution of unauthorized applications on servers and workstations. This means that once it
Adventure tourism: According to travel-industry-dictionary adventure tourism is “recreational travel undertaken to remote or exotic destinations for the purpose of explora-tion or engaging in a variety of rugged activities”. Programs and activities with an implica-tion of challenge, expeditions full of surprises, involving daring journeys and the unexpect- ed. Climbing, caving, jeep .
