Manualshelf

Setup guide

ManualsBrandsMcafee ManualsOtherQUICKCLEAN 1.0
21222324252627282930
McAfee ePO
Advanced Suite Installer Product Guide
Page 30 McAfee ePO
Advanced Suite Installer
Appendix A: McAfee Device Control
Note: In an Active Directory domain, you can leverage user based policies with Device Control. In
Workgroup mode, only local user or machine-based policies are possible.
Post-Installation Configuration
The installer automatically checks McAfee Device Control into the ePolicy Orchestrator software
repository; however, additional steps need to be taken to properly configure Device Control for use. The
following steps take you through the installation of the McAfee DLP Management Tools, as well as
checking in a starter policy that makes all USB storage devices function as read-only unless they are
McAfee Encrypted USB drives.
Initializing the DLP Interface
1 In the ePolicy Orchestrator console, select Menu | Data Protection | DLP Policy.
2 The McAfee DLP Endpoint Management Tools installer runs, and, after a brief delay, the DLP
Management Tools Setup wizard appears. Depending on your browser settings, you may be prompted to
install the ActiveX control.
3 Click Install, then click Next on all defaults provided in the wizard, and then click Finish.
4 Click OK on the dialog box that states “DLP Global Policy is Unavailable”.
5 When a first-time initialization page appears, click Cancel. (If you clicked Next, just click Cancel at
your earliest opportunity.)
Importing policies
1 From the DLP Policy interface, we will import a starter policy by navigating to File | Open.
2 Click Yes on the dialog box that states “This operation will discard the current policy”.
3 Browse to the Post Install directory where you extracted the installer download.
4 Select EASI - Global Policy.OPG, and then click Open to import the policy.
5 Click Apply on the toolbar in the DLP Policy interface, as shown below.
Evidence and Whitelist Folders
Two folders must be created and shared, and their properties and security settings must be configured
appropriately. The folders do not need to be on the same computer as ePolicy Orchestrator, but it is
usually convenient to put them there.
Create the following directory structure on the ePolicy Orchestrator server:
c:\dlp_resources\
c:\dlp_resources\evidence
c:\dlp_resources\whitelist