Release Notes
Revision A
McAfee Data Loss Prevention Endpoint
10.0.0
For use with McAfee ePolicy Orchestrator
Contents
• About this release
• New features
• Enhancements
• Resolved issues
• Installation instructions
• Known issues
• Find product documentation
About this release
This document contains important information about the current release. We strongly recommend that you read the entire document.
This release includes the following:
• McAfee® Data Loss Prevention (McAfee DLP) extension for McAfee® ePolicy Orchestrator® (McAfee ePO™) build 10.0.0.9
• McAfee® Data Loss Prevention Endpoint (McAfee DLP Endpoint) client for Microsoft Windows build 10.0.0.1322
• McAfee DLP Endpoint Diagnostic Tool for Windows build 10.0.0.0
• McAfee® Help Desk build 2.0.0.130
Supported McAfee ePO and McAfee Agent versions
Software: Version
McAfee ePO:
• 5.1.3 or later
• 5.3.2 HF1144868
• 5.3.1 (5.3.0 is not supported)
When running McAfee ePO in Microsoft Internet Explorer, use Internet Explorer version 10.0 or later.
McAfee® Agent for Windows: 4.8.3 or later; 5.0.2, 5.0.3
McAfee Agent for Mac (McAfee DLP Endpoint only): 5.0.2.185
McAfee DLP requirements
Table 1-1 Hardware requirements
Hardware type: Specifications
Servers: McAfee DLP extension in McAfee ePO
• RAM — 1 GB minimum (2 GB recommended)
• Hard disk — 80 GB minimum
Endpoint computers:
• RAM — 1 GB minimum (2 GB recommended)
• Hard disk — 300 MB minimum free disk space (500 MB recommended)
Network: 100 megabit LAN serving all workstations and the McAfee ePO server
Table 1-2 Operating systems supported
Computer type: Software
Endpoint computers, Microsoft Windows:
• Windows 7 SP1 32-bit or 64-bit
• Windows 8 or 8.1 32-bit or 64-bit
• Windows 10 and Windows 10 TH2, 32-bit or 64-bit
• Windows Server 2008 SP2 32-bit or 64-bit
• Windows Server 2008 R2 SP1 64-bit
• Windows Server 2012 64-bit
• Windows Server 2012 R2 64-bit
File System Discovery Rules and Network Communication Protection Rules are not supported on servers.
Endpoint computers,
Compatible McAfee products
The McAfee DLP Endpoint client for Windows in this release has been tested for compatibility with the following McAfee managed product versions.
• McAfee® Application Control (formerly Solidcore) 6.2 and 7.0
• McAfee® Client Proxy 1.2, 2.0, and 2.1
• McAfee® Data Exchange Layer (DXL) 1.1 and 2.2
• McAfee® Drive Encryption (formerly McAfee Endpoint Encryption for PC) 7.0.1 and 7.1.3
• McAfee® Endpoint Security 10.0.1 and 10.1
• McAfee® File and Removable Media Protection (FRP) (formerly McAfee® Endpoint Encryption for Files and Folders) 4.3.1 Hotfix 2 and 5.0.1
• McAfee® Host Intrusion Prevention 8.0.7
• McAfee® Management of Native Encryption (MNE) 3.0.1 and 4.1.0
• McAfee® Policy Auditor 6.2
• McAfee® Risk Advisor 2.7.2
• McAfee® Rogue System Detection (RSD) 5.0.3
• McAfee® SiteAdvisor® Enterprise 3.5.4
• McAfee® Threat Intelligence Exchange (TIE) 1.3
• McAfee® Virtual Technician 1.1.0
• McAfee® VirusScan® Enterprise 8.7.5 and 8.8.7
Supported software
McAfee DLP supports the following third-party software products. These versions have been tested for compatibility with this release.
Virtualization environments:
• Citrix XenApp 6.5 FP2, and 7.8
Citrix Device Rules are not supported when using a separate controller server with XenApp 7.6.
• Microsoft OneDrive for Business 15.0.4779.1002
• Syncplicity 3.4.5.6–4.0.0.5593
Security and encryption applications:
• Boldon James Email Classifier 3.7.4
• Microsoft Active Directory Rights Management Services client 2.1 build 1.0.2004.0
• Seclore FileSecure Policy Server 2.78.0.0
• Seclore Desktop Client 2.43.0.0
• Stormshield Data Security 9.1.10442
• Titus Message Classification 3.5
• Titus Classification for Desktop 3.1
• Titus Classification Suite 4.4 SP1
• Titus SDK 3.1.9.9
• TrueCrypt 7.0.1
Office and productivity applications:
• Adobe Acrobat Pro, X, XI, and DC 2015.016.20045
• Google Chrome, 32-bit and 64-bit, 37.0.2062.103–51.0.2704.103
• Lotus Notes client software 8.5.2, 8.5.3, 9.0, and 9.0.1
• Microsoft Edge 25.10586.0.0
• Microsoft Internet Explorer 8–11
• Microsoft Office 2010, 2013 SP1, and 2016
• Microsoft Outlook 2010, 2013 SP1, and 2016
• Microsoft SharePoint 2007, 2010, and 2013
• Mozilla Firefox, 32-bit and 64-bit, 38.0–47.01
New features
This release of the product includes these new features.
McAfee DLP Endpoint for Windows new features
Manual classification now includes the ability to apply both file classifications and content fingerprints (tags) to documents at the endpoint. Manually applied file classifications are persistent, unlike content fingerprinting. The user can be forced to classify Microsoft Office or Outlook documents if they were not previously classified. Settings in the Windows client configuration can activate user interface add-ins for Microsoft Word, Outlook, Excel, and PowerPoint.
McAfee DLP Endpoint for Mac client can read manual file classifications that were set on a Windows endpoint, and enforce data protection rules based on these classifications. However, McAfee DLP Endpoint for Mac does not have the manual classification dialog, and end users cannot manually classify files.
Install and upgrade without restart
A clean installation of the McAfee DLP Endpoint client no longer requires restarting the endpoint computer. Upgrading from version 9.4.x does require restarting.
Endpoint Discovery - user initiates scan and remediation
An addition to the client configuration of the endpoint console allows the user to run scans and display self-remediation actions.
McAfee DLP Endpoint for Mac new features
Plug-and-play device rules
Plug-and-play device rules are supported for USB connections.
Removable storage data protection rule
Removable storage data protection is supported on McAfee DLP Endpoint for Mac. The same rule can be defined once and enforced on both Windows and Mac OS X.
Network share data protection rule
Network share data protection is supported on McAfee DLP Endpoint for Mac. The same rule can be defined once and enforced on both Windows and Mac OS X.
The encrypt reaction is not supported on McAfee DLP Endpoint for Mac, so the rule can only report on sensitive files copied from a Mac system to a network share. It cannot encrypt the files.
When the administrator selects the Request Justification reaction for a rule enforced on McAfee DLP Endpoint for Mac, only a justification dialog with a single button that performs no action can be selected in this rule.
Application file access data protection rule
Application file access data protection is supported on McAfee DLP Endpoint for Mac. The same rule can be defined once and enforced on both Windows and Mac OS X.
On McAfee DLP Endpoint for Mac, this rule can inspect and block files opened by any given application. If the application is a browser, however, it cannot identify the browser address bar URL. Therefore, the condition "application is one of the supported browsers" is not permitted if the rule is enforced on Mac OS X.
Encrypting and storing evidence files
When a rule is violated and the reaction is to report an incident and store the file violating the rule as evidence, McAfee DLP Endpoint for Mac encrypts the file on the endpoint and copies it to the evidence share. The McAfee DLP operator can then inspect the file using the DLP Incident Manager that is part of the McAfee DLP extension in McAfee ePO.
Request justification dialogs are now supported on McAfee DLP Endpoint for Mac. You can define a request justification dialog with one button, hiding two out of the three buttons. This single button justification dialog is useful in particular for Network Share data protection rules on Mac OS X.
Enhancements
This release of the product includes these enhancements.
McAfee DLP extension enhancements
DLP Settings
McAfee DLP Settings have been moved from the McAfee ePO Server Settings to a module in the Data Protection section of the McAfee ePO menu.
Accessing McAfee ePO Server Settings requires McAfee ePO Global Administrator permissions. Moving the McAfee DLP Settings to the Data Protection section of the McAfee ePO menu allows any McAfee DLP operator with proper permissions to access the McAfee DLP Settings module, set the McAfee DLP license, and perform backup and restore operations.
Client configuration
There are now separate client configuration policies in the Policy Catalog for Microsoft Windows client configuration and Mac OS X client configuration.
Endpoint discovery dashboards summary
A dashboards option, DLP: Endpoint Discovery Summary, has been added. It includes eight dashboards, showing the scan status, errors, classifications, and sensitive files for both local files and email scans.
Endpoint discovery rollup
McAfee DLP Endpoint Discovery has been added to the data type options when creating a Roll Up Data task in McAfee ePO Server Tasks.
Control Permissions for rule types
The McAfee ePO permission set for Data Loss Prevention | DLP Policy Manager now contains a Rule Types section. You can select from Data Protection, Device Control, and Discovery rules. Deselected rule types are not displayed.
End-user group definitions
End-user group definitions now support Active Directory Organizational Units (OUs).
File extension condition definition in content classification options
File extension conditions are now available directly for content classification criteria, rather than as a sub-condition of the file information definition.
Policy validation and enforce rules by product
Data protection, device control, and endpoint discovery rules have an Enforce On option. Rules can be enforced on McAfee DLP Endpoint for Windows and/or McAfee DLP Endpoint for Mac, depending on the rule.
A description field has been added to device definitions for vendor/product IDs and USB serial numbers. The field can be used by administrators for identifying information such as product name or the name of a specific USB serial number. The description is an aid for administrators only, and is not passed to the client.
Removable storage protection rule – present device information
Removable storage protection rules now report full device information. The information can be viewed in the Destination pane on the details page in DLP Incident Manager.
Advanced pattern enhancements
These pre-defined advanced text pattern and validation algorithms are added to the advanced patterns list:
• Japanese My Number - corporate
• Japanese My Number - personal
• Australian medicare card number
Business justification hide buttons
Justification definitions in DLP Policy Manager now contain "hide button" options that can be used to make definitions compatible with one-button (Apple) or two-button mice.
DLP Incident Manager/DLP Operations enhancements
Incident Tasks - purge incidents
A new default purge rule for incidents limits the total number of incidents in the incidents list. The default is one million incidents.
The rule runs after all other purge rules have been executed, and if the list contains more than the maximum number of incidents specified. The rule then deletes the oldest incidents from the list, keeping no more than the maximum total number of incidents specified in the rule.
Operational Events Tasks - purge events
A new default purge rule for operational events limits the total number of events in the operational events list. The default is one million events.
The rule runs after all other purge rules have been executed, and if the list contains more than the maximum number of operational events specified. The rule then deletes the oldest events from the list, keeping no more than the maximum total number of events specified in the rule.
Incident List - new action to export incidents
The Actions menu now has an option to export selected events. The export can include decrypted evidence files and match-string files, incident list information, and evidence details. The export path information can include a user name and password if required. You can send a notification email when the export is completed.
Incident List - new incident parameters available in filter, queries and list
The following items have been added to the incident list, incident filters, and queries list of available parameters:
• Custom time zone
• Email subject
• Request justification information
• Email sender
Incident List - show indication of the incident product vector
The option displays an indication of data in-use, data in-motion, or data at-rest next to the incident ID number. The product vector indicator is disabled by default. The setting is in the DLP Settings module.
Incident Details Page - audit log
An Audit Log tab has been added to the incident details page. It lists all changes to the incident, including when the incident is opened for viewing.
DLP Operations - additional User information
DLP Operations has a new User Information tab. Information on all users associated with operational events is listed. You can import to the list from a CSV file.
McAfee DLP Endpoint for Windows enhancements
Enhanced Microsoft RMS support
McAfee DLP Endpoint for Windows 10.0 supports Active Directory Rights Management Services Client 2.1. To apply RMS protection to files or emails using the client, you must install Active Directory Rights Management Services Client 2.1 build 1.0.2004.0 on each endpoint computer.
See https://www.microsoft.com/en-us/download/details.aspx?id=38396 for more information.
Web Protection support for Firefox 64-bit
Web post protection rules now support both the 32-bit and 64-bit versions of Mozilla Firefox.
Web protection evaluation
The client configuration has settings for matching web protection rules. These settings allow blocking requests sent by AJAX to a different URL from the one displayed in the address bar. Three checkboxes allow you to choose matching by browser address bar, web request URL, HTTP referrer field, or any combination. The feature is available for Windows clients only.
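A simplified model of the three matching options, added here as an illustration and not McAfee code. It assumes the rule's URL list reduces to a set of host names and that a rule matches when any enabled source matches; all names and sample URLs are constructed.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class WebRequest:
    address_bar: str  # URL shown in the browser address bar
    request_url: str  # URL the HTTP request is actually sent to
    referrer: str     # HTTP Referer header value, "" if absent


def host_in(url, domains):
    """True if the URL's host is one of `domains` or a subdomain of one."""
    h = (urlsplit(url).hostname or "").lower()
    return any(h == d or h.endswith("." + d) for d in domains)


def rule_matches(req, domains, *, address_bar=False, request_url=False,
                 referrer=False):
    """Evaluate a web protection rule using only the enabled sources.

    Assumption: the rule matches if ANY enabled source matches.
    """
    candidates = []
    if address_bar:
        candidates.append(req.address_bar)
    if request_url:
        candidates.append(req.request_url)
    if referrer:
        candidates.append(req.referrer)
    return any(host_in(u, domains) for u in candidates if u)


def matching_sources(req, domains):
    """List which individual sources would match, to show coverage gaps."""
    fields = ("address_bar", "request_url", "referrer")
    return [f for f in fields if host_in(getattr(req, f), domains)]


# Constructed sample data: one protected destination and two observed posts.
RULE_DOMAINS = {"files.example.net"}

# AJAX upload: the page in the address bar differs from the upload target.
AJAX_UPLOAD = WebRequest(
    address_bar="https://portal.example.com/editor",
    request_url="https://upload.files.example.net/api/put",
    referrer="https://portal.example.com/editor",
)
# Page on the protected site posting to a different back-end host.
THIRD_PARTY_POST = WebRequest(
    address_bar="https://files.example.net/share",
    request_url="https://cdn.example.org/ingest",
    referrer="https://files.example.net/share",
)

if __name__ == "__main__":
    for name, req in (("ajax", AJAX_UPLOAD), ("third-party", THIRD_PARTY_POST)):
        print(name, matching_sources(req, RULE_DOMAINS))
```

In this model, address-bar matching alone misses the AJAX upload, and request-URL matching alone misses the second post, which is why the options can be combined.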
Device Guard compatibility
The McAfee DLP Endpoint client supports Device Guard on computers running Microsoft Windows 10.
McAfee DLP Endpoint for Mac enhancements
Exclusions in device rules
Device rules now support exclusions. The exclusion section of the rule definition replaces the Boolean NOT conditions.
Only Excluded Device Definitions and Excluded Users are supported on McAfee DLP Endpoint for Mac.
Online/Offline operation
Determination of whether the computer is online or offline now has two options:
• Connection to McAfee ePO (the method used in previous versions)
McAfee DLP Endpoint for Mac can identify whether the computer is connected to the corporate network by VPN. Rules can now be configured to perform different reactions when connected to the corporate network directly or by VPN.
OS X FIPS 140-2 compliance
Federal Information Processing Standards (FIPS) compliance is extended to OS X-based operating systems by replacing the deprecated random number generation algorithm with a compatible algorithm.
Resolved issues
These issues are resolved in this release of the product. For a list of issues fixed in earlier releases, see the Release Notes for the specific release.
Email issues
• S/MIME encrypted email attachments can now be opened. The content is not corrupted. The solution involves using the MAPI protocol instead of OOM. (1139827)
• Emails resent by Microsoft Outlook are no longer corrupted. The solution involves using the MAPI protocol instead of OOM. (1139828)
• Opening an embedded image in Microsoft Outlook does not crash Outlook. MAPI exceptions are now caught in the plug-in. (1139830)
• If a tagged file protected by FRP is sent as an email attachment, the tag is now preserved when the file is saved on the receiving end. (1139809)
Browser and web protection issues
• Web post protection rules now block uploads to OneDrive when using the Google Chrome browser. (1139838, 1139847)
• McAfee Agent now sends the computer name and Agent GUID as MA properties, and displays them in Discovery summary reports and dashboards. (1139841)
• Microsoft Office OpenXML files are now blocked correctly when uploaded using the Google Chrome browser. The issue was caused by Chrome opening other files with the same headers. The McAfee DLP Endpoint client now has a mechanism to create unique headers in Chrome. (1139842)
• McAfee DLP Endpoint now correctly identifies web post sites as blacklisted or not blacklisted. (1139839)
Other issues
• An issue with bluescreen on startup when McAfee DLP Endpoint client is installed has been resolved by changing the default driver from COM/LPT to USB. (1139833)
• Evidence storage now works as expected — no evidence is stored when Store Evidence is not selected in the rule definition. (1139834)
• The Product properties for the McAfee DLP Endpoint section on the McAfee ePO System Tree | Systems Information | Products page now displays all properties, not just Product Version, Language, and Hotfix/Patch Version. (1139835)
• The McAfee DLP Endpoint client now goes offline when the computer is shut down. (1139845)
• The McAfee DLP handler for Internet Explorer no longer times out when files are uploaded to a customer internal portal based on IBM ECM Filenet. This applies to Microsoft Edge and Mozilla Firefox browsers as well as Internet Explorer. (1139831)
• The email discovery Previous Run Date displayed in System Tree | Product Properties is now correct. (1139837)
Installation instructions
McAfee DLP releases can contain multiple components.
Type of release: Components
Point release:
• McAfee DLP extension for McAfee ePO
• McAfee DLP Endpoint client for Microsoft Windows
• McAfee DLP Endpoint client for Mac
Patch release: Patch releases typically update the McAfee DLP extension and one of the McAfee DLP Endpoint clients. Some patch releases include both clients.
Hotfix release: Hotfix releases typically update only the McAfee DLP extension or the McAfee DLP Endpoint client. Sometimes both the extension and a client are released in one hotfix.
Installation of the McAfee ePO extension uses either the McAfee ePO Software Manager or the Software | Extensions feature.
The recommended installation of the McAfee DLP Endpoint client uses the McAfee ePO infrastructure for deployment to the endpoint computers.
You can also deploy McAfee DLP Endpoint client software to your network using third-party enterprise deployment tools such as Microsoft Systems Management Server (SMS).
For information on installing and configuring McAfee DLP products, see the McAfee Data Loss Prevention Endpoint Product Guide.
Known issues
For a list of known issues in this product release, see this McAfee KnowledgeBase article: KB87188.
Important additional known issue for this release:
Installing McAfee® Endpoint Security for Mac 10.1 after McAfee DLP Endpoint for Mac 10.0 has been installed causes both Endpoint Security for Mac and McAfee DLP Endpoint for Mac to stop working. (Endpoint Security for Mac defect #1144747)
Workaround: If you wish to run both applications, install Endpoint Security for Mac 10.1 first, then
Find product documentation
On the ServicePortal, you can find information about a released product, including product documentation, technical articles, and more.
Task
1 Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.
2 In the Knowledge Base pane under Content Source, click Product Documentation.
3 Select a product and version, then click Search to display a list of documents.
Product documentation
Every McAfee product has a comprehensive set of documentation. See this documentation for your product version:
• McAfee Data Loss Prevention Endpoint Release Notes
• McAfee Data Loss Prevention Endpoint Product Guide
Help modules are automatically included with the product installation.
© 2016 Intel Corporation
Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.