McAfee DFFCDE-AA-DA - Endpoint Encryption For Files Product Manual Download | Manualshive

Page: 40 / 44

background image

Appendix A: Removable Media registry controls

EEFF defines the term removable media as a drive with the exception of boot drive and remote
drives. This may be a concern for client systems having built-in extra drives, for example an
extra hard drive with a ZIP drive. These drives will be subject to removable media encryption.

Relaxing the Removable Media definition

EEFF allows you to relax the removable media definition by applying it to USB drives and FireWire
drives, or, drives that report themselves as removable to the Operating System. Relaxing the
removable media definition is done by adding a registry value on the client computer.

Task

1

On the client system, create a DWORD registry value in
HKLM\System\CurrentControlSet\Services\MfeEEFF called
RelaxedRemovableMediaDefinition.

2

Set the registry value as required.

• "0": Default definition (same as not having this registry value)

• "1": Only disks reported as 'Removable' or located on the USB or IEEE 1394 (FireWire)

port

• "2": Only disks reported as 'Removable'

Restart the system to save the changes.

Exempt local drives and network shares from
encryption

You can exclude local drives and network drives from encryption by adding a registry value on
the client. Setting this registry value makes the EEFF driver not attach to local and network
drives, but only to removable media drives and CD/DVD drives.

Task

1

On the client system, create a DWORD value in HKLM\System\CCS\Service\MfeEEFF
called ExemptNonRemovable and set its value to 1.
Restart the system to save the changes.

McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide

40

«
...
38
39
40
41
42
...
»

Summary of Contents for DFFCDE-AA-DA - Endpoint Encryption For Files

Page 1: ...McAfee Endpoint Encryption for Files and Folders 4 0 0 Product Guide...

Page 2: ...d and unregistered trademarks herein are the sole property of their respective owners LICENSE INFORMATION License Agreement NOTICE TO ALL USERS CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPON...

Page 3: ...from managed nodes using ePO 4 6 12 Removing the EEFF extension 13 Removing EEFF deployment package 14 Uninstalling EEFF from managed nodes using command prompt 14 Uninstalling EEFF from managed nodes...

Page 4: ...policy 31 Editing a key 31 Deleting keys 32 Exporting keys 32 Importing keys 32 How user personal keys work 33 Working with user personal keys 33 Managing EEFF Reports 35 Creating EEFF custom queries...

Page 5: ...be viewed only by those who have been granted access Endpoint Encryption for Files and Folders is a Persistent Encryption engine when a file has been encrypted and has been moved or copied to another...

Page 6: ...bled When a file that is encrypted with key A is moved to a folder where files are encrypted with key B the file encrypted with key A will immediately be re encrypted with key B This behavior is known...

Page 7: ...Policy Orchestrator 4 5 and 4 6 Installation Guide Microsoft MSXML 6 for ePO Operating system requirements Software Systems See McAfee ePolicy Orchestrator 4 5 and 4 6 Installation Guide ePO Server Sy...

Page 8: ...on Installing the ePO help extension Registering an LDAP Server Deploying EEFF on managed nodes using ePO 4 5 Deploying EEFF on managed systems using ePO 4 6 Checking in the EEFF deployment package Us...

Page 9: ...box appears 3 Click Browse then select the extension file help_eeff_400 ZIP then click OK The Install Extension page appears with the extension name and version details 4 Click OK Registering an LDAP...

Page 10: ...as Product Deployment then click Next 4 In the Configuration page select Target Platforms as Windows Products and components as McAfee Endpoint Encryption for Files and Folders 4 0 0 0 Action as Inst...

Page 11: ...izard appears 9 On the Select Task page select Product as McAfee Agent and Task Type as Product Deployment then select the task you created for deploying product 10 Next to Tags select the desired opt...

Page 12: ...Tree then click Actions New Task The Client Task Builder wizard appears 3 In the Description page type a Name for the task Notes optional select the Type as Product Deployment then click Next 4 In th...

Page 13: ...ct Task page select Product as McAfee Agent and Task Type as Product Deployment then select the task you created for uninstalling EEFF from managed nodes 10 Next to Tags select the desired option then...

Page 14: ...rom a managed node using MfeFfShell command Before you begin You should have administrator rights to run this command on the managed node Task For option definitions click in the interface 1 On the co...

Page 15: ...s 2003 C ProgramData in Windows Vista Windows 2008 and Windows 7 2 Run the following commands to uninstall EEFF You will be prompted to restart the system after uninstallation 1 msiexec q norestart I...

Page 16: ...olicy Catalog page you can view policy assignments where they are applied and if they are enforced You can also lock policy enforcement to prevent changes to enforcement below the locked node Contents...

Page 17: ...e supported by the process Multiple file extensions can be specified using a space semi colon or colon as separators Key Specifies the encryption key which will be assigned to the policy Browse to sel...

Page 18: ...Removes device ID from exemption list Edit Edits the ID of the device that will not be updated with the changes in encryption policies CD DVD Encryption None Selected Does not encrypt while burning fi...

Page 19: ...Edit Edits the process that will be excluded File Extension Exclusion Excludes the specified file extension from encryption Add Adds the file extension that will be excluded Remove Removes file exten...

Page 20: ...When you create a policy you are adding a custom policy to the Policy Catalog You can create policies before or after the EEFF software is deployed Task For option definitions click in the interface 1...

Page 21: ...e System The Policy Assignment page for that system appears 3 Select Endpoint Encryption for Files and Folders 4 0 0 from the product drop down list The policy categories under Endpoint Encryption for...

Page 22: ...g next to Enforcement status The Enforcement page appears 4 If you want to change the enforcement status select Break inheritance and assign the policy and settings below 5 Select Enforcing or Not enf...

Page 23: ...es can be prioritized to simplify maintenance of policy assignment management When you set priority to a rule it is enforced before other assignments with a lower priority In some cases the outcome ca...

Page 24: ...gnment Rules then click Actions New Assignment Rule The Policy Assignment Builder wizard opens with Details page 2 Type the Name and Description then click Next The user Selection Criteria page opens...

Page 25: ...cy setting needs to be shared among users or system groups Grant Key policy is a multi slot policy An ePO administrator can add multiple grant key policies to users or system groups restricting the as...

Page 26: ...multiple instances of Grant Key policy to system s based on the tags applied to them NOTE When assigning Grant key policy using ePO 4 6 policy assigned to a system based on the tags you have applied t...

Page 27: ...the Name and Description then click Next The User Selection Criteria page opens 3 Select the user by choosing the selection criteria then click Next The Assigned Policies page opens 4 Click Add The C...

Page 28: ...ble to the system and the policies to which they are associated Task For option definitions click in the interface 1 Click Menu Systems System Tree Assigned Policies then select the Product as Endpoin...

Page 29: ...policy category then click View Effective Policy The View Effective Grant Keys Policy page appears with the list of keys available to the user and the policies to which they are associated Configurin...

Page 30: ...d user local keys Regular keys are created by ePO administrators and can be used in any policy User personal keys are generated in ePO when a key is granted to a user through Grant Key policy These po...

Page 31: ...re information Use this task to assign keys to a Grant Key policy NOTE You can assign only active keys to a Grant Key policy Task For option definitions click in the interface 1 Click Menu Policy Poli...

Page 32: ...ys Use this task to export keys The keys will be exported to a password protected bin file Task For option definitions click in the interface 1 Click Menu Data Protection EEFF keys The EEFF Key Manage...

Page 33: ...EERM the administrator can ensure that the removable media can be recovered only by the assigned user on any system in the same domain Working with user personal keys Use these tasks to create and rec...

Page 34: ...en the user logs into the client system Recovering user personal keys Use this task to recover a user personal key Displaying the user personal keys as regular keys enables administrator to recover fi...

Page 35: ...monitor except those using a table to display the initial results Dashboard monitors are refreshed automatically on a user configured interval five minutes by default Exported results Query results c...

Page 36: ...ny available actions on items in any tables or drill down tables NOTE Selected properties appear in the content pane with operators that can specify criteria used to narrow the data that is returned f...

Page 37: ...list 4 Click Actions Run The query results appear Drill down into the report and take actions on items as necessary Available actions depend on the permissions of the user NOTE The user has an option...

Page 38: ...Editing EEFF Key Server permissions Creating permission sets for user accounts Use this task to create a permission set Only global administrators can create permission sets Task For option definition...

Page 39: ...ys Task For option definitions click in the interface 1 Click Menu User Management Permission Sets New Permission Set The New Permission Set page appears 2 Click Edit next to EEFF Key Server The Edit...

Page 40: ...HKLM System CurrentControlSet Services MfeEEFF called RelaxedRemovableMediaDefinition 2 Set the registry value as required 0 Default definition same as not having this registry value 1 Only disks rep...

Page 41: ...registry value must be manually set on each client system It can also be remotely distributed with a systems management tool When enabled it will not be possible to read decrypt any existing encrypted...

Page 42: ...of the files to be encrypted Set in the Encryption options policy Explicitly encrypt large shares in advance Use a manual explicit encryption method for large network folder s encryption rather than e...

Page 43: ...8 multi slot policy Grant Key 25 multiple instance policy assigning to system 25 26 assigning to user 27 P Permission sets 38 39 EEFF key management 39 EEFF policy 38 Persistent Encryption 5 policies...

Page 44: ...for a product 22 U Uninstall deployment package 14 from ePO 13 Uninstall continued from managed nodes 12 updates PC client 10 User personal keys about 33 best practices 33 create 33 enable 33 grant k...

Reviews:

No comments

Related manuals for DFFCDE-AA-DA - Endpoint Encryption For Files

Brand: Alcatel Pages: 2

Brand: ICP Pages: 77

Contivity VPN Client

Brand: Nortel Pages: 90

Brand: eCopy Pages: 266

CLUSTER SUITE 4.7 - CLUSTER LVM ADMINISTRATORS

Brand: Red Hat Pages: 108

Brand: DeLorme Pages: 437

3C15500 - Network Director - PC

Brand: 3Com Pages: 924

495B1-05A111-1301 - 3ds Max Design 2010

Brand: Autodesk Pages: 916

Brand: Autodesk Pages: 4

Retail Data Warehouse

Brand: Oracle Pages: 35

Oracle7 Server 7.3

Brand: Oracle Pages: 202

VIAVOICE 3-FOR MAC OS X

Brand: IBM Pages: 96

MN-LGD011-XX-US

Brand: LapLink Pages: 166

PARASTATION5 V5

Brand: Partec Pages: 98

WeatherLink APRS

Brand: DAVIS Pages: 8

Brand: Extreme Networks Pages: 60

Brand: Garmin Pages: 4

Brand: Lenovo Pages: 120

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands