Data Loss Prevention Endpoint 10.0 Release Notes

Release Notes
Revision A
McAfee Data Loss Prevention Endpoint
10.0.0
For use with McAfee ePolicy Orchestrator
Contents
About this release
New features
Enhancements
Resolved issues
Installation instructions
Known issues
Find product documentation
About this release
This document contains important information about the current release. We strongly recommend that
you read the entire document.
This release includes the following:
• McAfee Data Loss Prevention (McAfee DLP) extension for McAfee ePolicy Orchestrator (McAfee ePO) build 10.0.0.9
• McAfee Data Loss Prevention Endpoint (McAfee DLP Endpoint) client for Microsoft Windows build 10.0.0.1322
• McAfee DLP Endpoint client for OS X build 10.0.0.123
• McAfee DLP Endpoint Diagnostic Tool for Windows build 10.0.0.0
• McAfee Help Desk build 2.0.0.130
Supported McAfee ePO and McAfee Agent versions
McAfee ePO:
• 5.1.3 or later
• 5.3.2 HF1144868
• 5.3.1 (5.3.0 is not supported)
When running McAfee ePO in Microsoft Internet Explorer, use Internet Explorer version 10.0 or later.
McAfee Agent for Windows: 4.8.3 or later; 5.0.2, 5.0.3
McAfee Agent for Mac (McAfee DLP Endpoint only): 5.0.2.185
McAfee DLP requirements
Table 1-1 Hardware requirements
Servers (McAfee DLP extension in McAfee ePO):
• RAM: 1 GB minimum (2 GB recommended)
• Hard disk: 80 GB minimum
Endpoint computers:
• RAM: 1 GB minimum (2 GB recommended)
• Hard disk: 300 MB minimum free disk space (500 MB recommended)
Network: 100 megabit LAN serving all workstations and the McAfee ePO server
Table 1-2 Operating systems supported
Endpoint computers, Microsoft Windows:
• Windows 7 SP1 32-bit or 64-bit
• Windows 8 or 8.1 32-bit or 64-bit
• Windows 10 and Windows 10 TH2, 32-bit or 64-bit
• Windows Server 2008 SP2 32-bit or 64-bit
• Windows Server 2008 R2 SP1 64-bit
• Windows Server 2012 64-bit
• Windows Server 2012 R2 64-bit
File System Discovery Rules and Network Communication Protection Rules are not supported on servers.
Endpoint computers, OS X:
• OS X Mavericks 10.9.0 or later
• OS X Yosemite 10.10.0 or later
• OS X El Capitan 10.11 or later
Compatible McAfee products
The McAfee DLP Endpoint client for Windows in this release has been tested for compatibility with the
following McAfee managed product versions.
• McAfee Application Control (formerly Solidcore) 6.2 and 7.0
• McAfee Client Proxy 1.2, 2.0, and 2.1
• McAfee Data Exchange Layer (DXL) 1.1 and 2.2
• McAfee Drive Encryption (formerly McAfee Endpoint Encryption for PC) 7.0.1 and 7.1.3
• McAfee Endpoint Security 10.0.1 and 10.1
• McAfee File and Removable Media Protection (FRP) (formerly McAfee Endpoint Encryption for Files and Folders) 4.3.1 Hotfix 2 and 5.0.1
• McAfee Host Intrusion Prevention 8.0.7
• McAfee Management of Native Encryption (MNE) 3.0.1 and 4.1.0
• McAfee Policy Auditor 6.2
• McAfee Risk Advisor 2.7.2
• McAfee Rogue System Detection (RSD) 5.0.3
• McAfee SiteAdvisor Enterprise 3.5.4
• McAfee Threat Intelligence Exchange (TIE) 1.3
• McAfee Virtual Technician 1.1.0
• McAfee VirusScan Enterprise 8.7.5 and 8.8.7
Supported software
McAfee DLP supports the following third-party software products. These versions have been tested for
compatibility with this release.
Virtualization environments:
• Citrix XenApp 6.5 FP2, and 7.8
  Citrix Device Rules are not supported when using a separate controller server with XenApp 7.6.
• Citrix XenDesktop 7.0, 7.5, and 7.8
• VMware View 5.3, 6.0, and 6.2
• Microsoft Hyper-V 6.3.9600
Cloud applications:
• Box 3.4.25–4.0.7035.0
• Dropbox 2.4.6–4.4.29
• Google Drive 1.12.5329–1.30.2170.0459
• iCloud 5.2.1.69
• Microsoft OneDrive 17.0.2015–17.3.6390.0509
• Microsoft OneDrive for Business 15.0.4779.1002
• Syncplicity 3.4.5.6–4.0.0.5593
Security and encryption applications:
• Boldon James Email Classifier 3.7.4
• Microsoft Active Directory Rights Management Services client 2.1 build 1.0.2004.0
• Seclore FileSecure Policy Server 2.78.0.0
• Seclore Desktop Client 2.43.0.0
• Stormshield Data Security 9.1.10442
• Titus Message Classification 3.5
• Titus Classification for Desktop 3.1
• Titus Classification Suite 4.4 SP1
• Titus SDK 3.1.9.9
• TrueCrypt 7.0.1
Office and productivity applications:
• Adobe Acrobat Pro, X, XI, and DC 2015.016.20045
• Google Chrome, 32-bit and 64-bit, 37.0.2062.103–51.0.2704.103
• Lotus Notes client software 8.5.2, 8.5.3, 9.0, and 9.0.1
• Microsoft Edge 25.10586.0.0
• Microsoft Internet Explorer 8–11
• Microsoft Office 2010, 2013 SP1, and 2016
• Microsoft Outlook 2010, 2013 SP1, and 2016
• Microsoft SharePoint 2007, 2010, and 2013
• Mozilla Firefox, 32-bit and 64-bit, 38.0–47.01
New features
This release of the product includes these new features.
McAfee DLP Endpoint for Windows new features
Manual Classification
Manual classification now includes the ability to apply both file classifications and content fingerprints
(tags) to documents at the endpoint. Manually applied file classifications are persistent, unlike content
fingerprinting. The user can be forced to classify Microsoft Office or Outlook documents if they were
not previously classified. Settings in the Windows client configuration can activate user interface
add-ins for Microsoft Word, Outlook, Excel, and PowerPoint.
McAfee DLP Endpoint for Mac client can read manual file classifications that were set on a Windows
endpoint, and enforce data protection rules based on these classifications. However, McAfee DLP
Endpoint for Mac does not have the manual classification dialog, and end users cannot manually classify
files.
Install and upgrade without restart
A clean installation of the McAfee DLP Endpoint client no longer requires restarting the endpoint
computer. Upgrading from version 9.4.x does require restarting.
Endpoint Discovery - user initiates scan and remediation
An addition to the client configuration of the endpoint console allows the user to run scans and display
self-remediation actions.
McAfee DLP Endpoint for Mac new features
Plug-and-play device rules
Plug-and-play device rules are supported for USB connections.
Removable storage data protection rule
Removable storage data protection is supported on McAfee DLP Endpoint for Mac. The same rule can
be defined once and enforced on both Windows and Mac OS X.
Network share data protection rule
Network share data protection is supported on McAfee DLP Endpoint for Mac. The same rule can be
defined once and enforced on both Windows and Mac OS X.
The encrypt reaction is not supported on McAfee DLP Endpoint for Mac, so the rule can only report on
sensitive files copied from a Mac system to a network share. It cannot encrypt the files.
When the administrator selects the Request Justification reaction for a rule enforced on McAfee DLP
Endpoint for Mac, only a justification dialog with a single button that performs no action can be
selected in this rule.
Application file access data protection rule
Application file access data protection is supported on McAfee DLP Endpoint for Mac. The same rule
can be defined once and enforced on both Windows and Mac OS X.
On McAfee DLP Endpoint for Mac, this rule can inspect and block files opened by any given application.
If the application is a browser, however, the rule cannot identify the URL in the browser address bar. Therefore, the
condition "application is one of the supported browsers" is not permitted if the rule is enforced on Mac OS X.
Encrypting and storing evidence files
When a rule is violated and the reaction is to report an incident and store the file violating the rule as
evidence, McAfee DLP Endpoint for Mac encrypts the file on the endpoint and copies it to the evidence
share. The McAfee DLP operator can then inspect the file using the DLP Incident Manager that is part of the
McAfee DLP extension in McAfee ePO.
Request justification dialog
Request justification dialogs are now supported on McAfee DLP Endpoint for Mac. You can define a
request justification dialog with one button, hiding two out of the three buttons. This single button
justification dialog is useful in particular for Network Share data protection rules on Mac OS X.
Enhancements
This release of the product includes these enhancements.
McAfee DLP extension enhancements
DLP Settings
McAfee DLP Settings have been moved from the McAfee ePO Server Settings to a module in the Data
Protection section of the McAfee ePO menu.
Accessing McAfee ePO Server Settings requires McAfee ePO Global Administrator permissions. Moving
the McAfee DLP Settings to the Data Protection section of the McAfee ePO menu allows any McAfee DLP
operator with proper permissions to access the McAfee DLP Settings module, set the McAfee DLP
license, and perform backup and restore operations.
Client configuration
There are now separate client configuration policies in the Policy Catalog for Microsoft Windows client
configuration and Mac OS X client configuration.
Endpoint discovery dashboards summary
A dashboards option, DLP: Endpoint Discovery Summary, has been added. It includes eight dashboards,
showing the scan status, errors, classifications, and sensitive files for both local files and email scans.
Endpoint discovery rollup
McAfee DLP Endpoint Discovery has been added to the data type options when creating a Roll Up Data task in
McAfee ePO Server Tasks.
Control Permissions for rule types
The McAfee ePO permission set for Data Loss Prevention | DLP Policy Manager now contains a Rule Types
section. You can select from Data Protection, Device Control, and Discovery rules. Deselected rule
types are not displayed.
End-user group definitions
End-user group definitions now support Active Directory Organizational Units (OUs).
File extension condition definition in content classification options
File extension conditions are now available directly for content classification criteria, rather than as a
sub-condition of the file information definition.
Policy validation and enforce rules by product
Data protection, device control, and endpoint discovery rules have an Enforce On option. Rules can be
enforced on McAfee DLP Endpoint for Windows and/or McAfee DLP Endpoint for Mac, depending on the
rule.
Add note to PID\VID
A description field has been added to device definitions for vendor/product IDs and USB serial
numbers. The field can be used by administrators for identifying information such as product name or
the name of a specific USB serial number. The description is an aid for administrators only, and is not
passed to the client.
Removable storage protection rule – present device information
Removable storage protection rules now report full device information. The information can be viewed
in the Destination pane on the details page in DLP Incident Manager.
Advanced pattern enhancements
These pre-defined advanced text pattern and validation algorithms are added to the advanced
patterns list:
• Japanese My Number - corporate
• Japanese My Number - personal
• Australian medicare card number
Business justification hide buttons
Justification definitions in DLP Policy Manager now contain "hide button" options that can be used to make
definitions compatible with one-button (Apple) or two-button mice.
DLP Incident Manager/DLP Operations enhancements
Incident Tasks - purge incidents
A new default purge rule for incidents limits the total number of incidents in the incidents list. The
default is one million incidents.
The rule runs after all other purge rules have been executed, and if the list contains more than the
maximum number of incidents specified. The rule then deletes the oldest incidents from the list,
keeping no more than the maximum total number of incidents specified in the rule.
Operational Events Tasks - purge events
A new default purge rule for operational events limits the total number of events in the operational
events list. The default is one million events.
The rule runs after all other purge rules have been executed, and if the list contains more than the
maximum number of operational events specified. The rule then deletes the oldest events from the
list, keeping no more than the maximum total number of events specified in the rule.
Incident List - new action to export incidents
The Actions menu now has an option to export selected events. The export can include decrypted
evidence files and match-string files, incident list information, and evidence details. The export path
information can include a user name and password if required. You can send a notification email when
the export is completed.
Incident List - new incident parameters available in filter, queries and list
The following items have been added to the incident list, incident filters, and queries list of available
parameters:
• Custom time zone
• Email subject
• Reporting product
• Short match string
• Request justification information
• Email sender
Incident List - show indication of the incident product vector
The option displays an indication of data in-use, data in-motion, or data at-rest next to the incident ID
number. The product vector indicator is disabled by default. The setting is in the DLP Settings module.
Incident Details Page - audit log
An Audit Log tab has been added to the incident details page. It lists all changes to the incident,
including when the incident is opened for viewing.
DLP Operations - additional User information
DLP Operations has a new User Information tab. Information on all users associated with operational events
is listed. You can import to the list from a CSV file.
McAfee DLP Endpoint for Windows enhancements
Enhanced Microsoft RMS support
McAfee DLP Endpoint for Windows 10.0 supports Active Directory Rights Management Services Client
2.1. To apply RMS protection to files or emails using the client, you must install Active Directory Rights
Management Services Client 2.1 build 1.0.2004.0 on each endpoint computer.
See https://www.microsoft.com/en-us/download/details.aspx?id=38396 for more information.
Web Protection support for Firefox 64-bit
Web post protection rules now support both the 32-bit and 64-bit versions of Mozilla Firefox.
Web protection evaluation
The client configuration has settings for matching web protection rules. These settings allow blocking
requests sent by AJAX to a different URL from the one displayed in the address bar. Three checkboxes
allow you to choose matching by browser address bar, web request URL, HTTP referrer field, or any
combination. The feature is available for Windows clients only.
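To show why the web request URL and HTTP referrer options matter, here is an added Python example (not McAfee code) that models the three match settings and evaluates a constructed AJAX post whose address bar shows an allowed site while the request itself goes elsewhere; the rule fields, domain list and scenario are assumptions for illustration.

```python
# Added example (not McAfee code): models the three web-protection match
# options to show why matching only on the browser address bar misses an
# AJAX post sent to a different URL. Field names, the blocked-domain list and
# the scenario are hypothetical, constructed for illustration.
from dataclasses import dataclass
from urllib.parse import urlparse

# Hypothetical web post protection rule: block posts to these domains
# (constructed sample list, not a real policy).
BLOCKED_DOMAINS = {"fileshare.example", "paste.example"}


@dataclass(frozen=True)
class WebPost:
    """Fields a client could observe for one outgoing HTTP POST (constructed)."""
    address_bar_url: str   # what the user sees in the browser address bar
    request_url: str       # where the POST is actually sent
    referrer: str          # HTTP Referer header; may be empty


@dataclass(frozen=True)
class MatchSettings:
    """Mirrors the three checkboxes in the Windows client configuration."""
    browser_address_bar: bool = True
    web_request_url: bool = False
    http_referrer: bool = False


def _host_blocked(url: str) -> bool:
    """True when the URL's host is a blocked domain or one of its subdomains."""
    host = urlparse(url).hostname or ""
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def matched_fields(post: WebPost, settings: MatchSettings) -> list[str]:
    """Return the names of the enabled fields that hit the blocked-domain list."""
    checks = [
        ("address_bar", settings.browser_address_bar, post.address_bar_url),
        ("request_url", settings.web_request_url, post.request_url),
        ("referrer", settings.http_referrer, post.referrer),
    ]
    return [name for name, enabled, url in checks
            if enabled and url and _host_blocked(url)]


def should_block(post: WebPost, settings: MatchSettings) -> bool:
    """Any enabled field matching the blocked list is enough to block the post."""
    return bool(matched_fields(post, settings))


# Constructed scenario: a page on an allowed intranet host fires an AJAX POST
# that uploads a file straight to a blocked file-sharing domain.
AJAX_POST = WebPost(
    address_bar_url="https://intranet.corp.example/app",
    request_url="https://upload.fileshare.example/api/put",
    referrer="https://intranet.corp.example/app",
)

if __name__ == "__main__":
    # Address bar only: the upload is missed.
    print(should_block(AJAX_POST, MatchSettings()))
    # Address bar plus request URL: the upload is caught.
    print(should_block(AJAX_POST, MatchSettings(web_request_url=True)))
```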
Device Guard compatibility
The McAfee DLP Endpoint client supports Device Guard on computers running Microsoft Windows 10.
McAfee DLP Endpoint for Mac enhancements
Exclusions in device rules
Device rules now support exclusions. The exclusion section of the rule definition replaces the Boolean
NOT conditions.
Only Excluded Device Definitions and Excluded Users are supported on McAfee DLP Endpoint for Mac.
Online/Offline operation
Determination of whether the computer is online or offline now has two options:
• Connection to McAfee ePO (the method used in previous versions)
• Connection to one of a list of servers
Ability to detect when the computer is connected to the corporate network by VPN
McAfee DLP Endpoint for Mac can identify whether the computer is connected to the corporate network
by VPN. Rules can now be configured to perform different reactions when connected to the corporate
network directly or by VPN.
OS X FIPS 140-2 compliance
Federal Information Processing Standards (FIPS) compliance is extended to OS X-based operating
systems by replacing the deprecated random number generation algorithm with a compatible
algorithm.
Resolved issues
These issues are resolved in this release of the product. For a list of issues fixed in earlier releases,
see the Release Notes for the specific release.
Email issues
• S/MIME encrypted email attachments can now be opened. The content is not corrupted. The solution involves using the MAPI protocol instead of OOM. (1139827)
• Emails resent by Microsoft Outlook are no longer corrupted. The solution involves using the MAPI protocol instead of OOM. (1139828)
• Opening an embedded image in Microsoft Outlook does not crash Outlook. MAPI exceptions are now caught in the plug-in. (1139830)
• If a tagged file protected by FRP is sent as an email attachment, the tag is now preserved when the file is saved on the receiving end. (1139809)
Browser and web protection issues
• Web post protection rules now block uploads to OneDrive when using the Google Chrome browser. (1139838, 1139847)
• McAfee Agent now sends the computer name and Agent GUID as MA properties, and displays them in Discovery summary reports and dashboards. (1139841)
• Microsoft Office OpenXML files are now blocked correctly when uploaded using the Google Chrome browser. The issue was caused by Chrome opening other files with the same headers. The McAfee DLP Endpoint client now has a mechanism to create unique headers in Chrome. (1139842)
• McAfee DLP Endpoint now correctly identifies web post sites as blacklisted or not blacklisted. (1139839)
Other issues
• An issue with bluescreen on startup when McAfee DLP Endpoint client is installed has been resolved by changing the default driver from COM/LPT to USB. (1139833)
• Evidence storage now works as expected: no evidence is stored when Store Evidence is not selected in the rule definition. (1139834)
• The Product properties for the McAfee DLP Endpoint section on the McAfee ePO System Tree | Systems Information | Products page now displays all properties, not just Product Version, Language, and Hotfix/Patch Version. (1139835)
• McAfee DLP event and properties parsing no longer affect McAfee ePO performance. The resolution involves filtering specific events that cause the problem. (1139843)
• The McAfee DLP Endpoint client now goes offline when the computer is shut down. (1139845)
• The McAfee DLP handler for Internet Explorer no longer times out when files are uploaded to a customer internal portal based on IBM ECM Filenet. This applies to Microsoft Edge and Mozilla Firefox browsers as well as Internet Explorer. (1139831)
• The email discovery Previous Run Date displayed in System Tree | Product Properties is now correct. (1139837)
Installation instructions
McAfee DLP releases can contain multiple components.
Point release:
• McAfee DLP extension for McAfee ePO
• McAfee DLP Endpoint client for Microsoft Windows
• McAfee DLP Endpoint client for Mac
Patch release: Patch releases typically update the McAfee DLP extension and one of the McAfee DLP Endpoint clients. Some patch releases include both clients.
Hotfix release: Hotfix releases typically update only the McAfee DLP extension or the McAfee DLP Endpoint client. Sometimes both the extension and a client are released in one hotfix.
Installation of the McAfee ePO extension uses either the McAfee ePO Software Manager or the Software |
Extensions feature.
The recommended installation of the McAfee DLP Endpoint client uses the McAfee ePO infrastructure
for deployment to the endpoint computers.
You can also deploy McAfee DLP Endpoint client software to your network using third-party enterprise
deployment tools such as Microsoft Systems Management Server (SMS).
For information on installing and configuring McAfee DLP products, see the McAfee Data Loss
Prevention Endpoint Product Guide.
Known issues
For a list of known issues in this product release, see this McAfee KnowledgeBase article: KB87188.
Important additional known issue for this release:
Installing McAfee Endpoint Security for Mac 10.1 after McAfee DLP Endpoint for Mac 10.0 has been
installed causes both Endpoint Security for Mac and McAfee DLP Endpoint for Mac to stop working.
(Endpoint Security for Mac defect #1144747)
Workaround: If you wish to run both applications, install Endpoint Security for Mac 10.1 first, then
McAfee DLP Endpoint for Mac 10.0.
Find product documentation
On the ServicePortal, you can find information about a released product, including product
documentation, technical articles, and more.
Task
1 Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.
2 In the Knowledge Base pane under Content Source, click Product Documentation.
3 Select a product and version, then click Search to display a list of documents.
Product documentation
Every McAfee product has a comprehensive set of documentation.
See this documentation for your product version:
• McAfee Data Loss Prevention Endpoint Release Notes
• McAfee Data Loss Prevention Endpoint Product Guide
Help modules are automatically included with the product installation.
© 2016 Intel Corporation
Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/
registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.