Skip to main content
McAfee MVISION Cloud

Configure Enterprise DLP

McAfee MVISION Cloud provides two solutions for On-Premise Enterprise DLP: McAfee Endpoint DLP with McAfee ePolicy Orchestrator (ePO), or Enterprise DLP (EDLP). 

  • When McAfee DLP Policy from ePO is enabled, emails are scanned using email policies defined in ePO, instead of the policies created in MVISION Cloud. 
  • When you enable Enterprise DLP, you can select a MVISION Cloud policy to pre-filter events that are sent down to MVISION Cloud. This can be useful if there are performance and throughput considerations for the Enterprise DLP server that integrates with MVISION Cloud.

Configure McAfee Endpoint DLP

  1. Choose Policy > Policy Settings.
  2. Select the tab Enterprise DLP
  3. Select the tab McAfee Endpoint DLP
    policy_settings_enterprise_dlp_mcafee_5.2.1.png
  4. The following options are available:
    • Use Classifications defined in McAfee Endpoint DLP. When this feature is enabled, DLP policies can use Classifications defined in ePO for McAfee Endpoint DLP, for the services selected below. Click Select Services, then click Done. 
      policy_settings_on_prem_dlp_mcafee_services_4.3.2.png
    • Use Policies defined in McAfee Endpoint DLP. When this feature is enabled, emails are scanned using Email policies defined in ePO for McAfee Endpoint DLP, instead of the policies created in MVISION Cloud.
    • Send evidence files to ePO. An evidence file is a copy of the item that created the Policy Violation. To use this feature, an evidence storage should be configured in ePO. If this option is disabled, evidence files will not be sent to ePO.
  5. Click Save.

Configure Enterprise DLP for Other Providers

Supported services include:

  • Box
  • Google Drive
  • Microsoft OneDrive
  • Microsoft SharePoint
  • Slack
  1. Choose Policy > Policy Settings.
  2. Select the tab Enterprise DLP
  3. Select the tab Other Providers
    policy_settings_enterprise_dlp_other_5.2.1.png
  4. Toggle Enterprise DLP to ON.
  5. Send. Select to send events:
    • All Events. Send all events. 
    • Events that Only Match. Send events that only match a policy. 
      • For Policy. Select your existing policy to match. 
  6. From. Click Select Services, select the services you want to send events from, then click Done. Click Edit to change the selected service. 
    policy_settings_on_prem_dlp_other_sevices_4.3.2.png
  7. Incident Remediation. Select to block actions sent from the Enterprise DLP, and select one of the following options. 

IMPORTANT: The Enterprise DLP policy must be configured to return a BLOCK back to MVISION Cloud via ICAP for this option to work.

  • Enterprise DLP controls the remediation action for any block response. 
  • MVISION Cloud controls the remediation action for the block response. 
  1. Click Save.
  • Was this article helpful?