Release Notes McAfee Data Loss Prevention Endpoint 9.3.

0 Software

About this release New features Enhancements Resolved issues Installation instructions Known issues Find product documentation

About this release

This document contains important information about the current release. We strongly recommend that you read the entire document. Important
If you are upgrading from an older version of McAfee Data Loss Prevention Endpoint (McAfee DLP Endpoint), you must verify that the DLP Policy Push task is scheduled to run every 2 hours. This new ePolicy Orchestrator Server Task pushes McAfee DLP policies to endpoint computers that have no DLP policy. The task is optimized for performance and does not push a policy to endpoints that have already received that policy. This server task is necessary because ePolicy Orchestrator 4.5 and 4.6 fail to push policies to products whose internal product code ID has changed. Since McAfee DLP Endpoint client 9.2.2xx has a new product code, this task must be run periodically until all endpoints are upgraded to McAfee DLP Endpoint client 9.2.214.

Release build

McAfee Data Loss Prevention Endpoint (McAfee DLP Endpoint) client software build 9.3.0.637 McAfee Data Loss Prevention Endpoint Management tools software build 9.3.0.612

Module compatibility The McAfee DLP Endpoint Management tools software build in this release is not compatible with Unified McAfee DLP extensions for McAfee ePolicy Orchestrator , such as versions 9.2.5 or 9.2.107. If you are using the Unified McAfee DLP extension please contact McAfee support to get a different release to update your software. Supported systems This release was developed for use with these Microsoft systems:

Windows XP Professional SP3 or later, 32-bit (no support for 64 bit) Windows Vista SP1 or later Enterprise and Business editions, 32-bit Windows 7 SP1 or later Enterprise and Business editions, 32- and 64-bit Windows 8 Enterprise and Professional, 32- and 64-bit Windows 2003 Server and Windows 2003 Server R2 SP2 or later, 32- and 64-bit Windows 2008 Server and Windows 2008 Server R2 SP2 or later, 32- and 64-bit Windows Server 2012 64-bit

This release supports the following virtualization systems:

Citrix XenApp 6.0 and 6.5 Citrix XenDesktop 5.5 and 5.6 VMware View 4.6, 5.0, and 5.1

The McAfee DLP Endpoint policy console in this release supports the following Windows operating system versions:

Microsoft Windows XP Professional SP3 or later, 32-bit Windows Vista Enterprise and Business editions SP1 or later, 32- and 64-bit Windows 7 Enterprise and Business editions, 32- and 64-bit Windows 8 Professional, 32- and 64-bit Windows Server 2003 family SP1 or later, 32- and 64-bit Windows 2008 server 32- and 64-bit Windows Server 2012 64-bit
On 64-bit systems, run the policy console as an ActiveX control inside 32-bit Windows Internet Explorer. Due to a known User Account Control (UAC) / ActiveX issue, we strongly recommend turning UAC off when installing or running the console in Windows Vista, Windows 7, Windows 8, or Windows Server 2008 operating systems.

Note

Compatible McAfee point products This release has been tested for compatibility with the following McAfee point product versions

McAfee Agent 4.5 Patch 3, 4.6 Patch 3, and 4.8 Note

When running the McAfee DLP Endpoint client on a server, install McAfee Agent 4.8 or later.

McAfee VirusScan Enterprise 8.7 Patch 5 and 8.8 Patch 3 McAfee Endpoint Encryption for Files and Folders 3.2.2.10 and 4.0.1 McAfee Endpoint Encryption for PC 6.2 and 7.0 McAfee Host Intrusion Prevention System 7.0 Patch 9, 8.0 Patch 1 and Patch 2 McAfee Network Access Control (McAfee NAC) 4.0 McAfee Policy Auditor 6.0 Patch 1 McAfee Risk Advisor 2.7 Patch 1 McAfee RSD Sensor 4.7.0.312 McAfee SiteAdvisor Enterprise 3.5 Patch 1 McAfee Solidcore 6.1 McAfee Virtual Technician 1.0.9.0

Supported software This release has been tested for compatibility with the following third-party software versions:

Adobe LiveCycle ES 2

Adobe Acrobat X Pro Adobe Reader 711 Citrix XenApp 6.0, 6.5 Citrix XenDesktop 5.5, 5.6 Lotus Notes client software 7.0, 8.0, 8.5.2, and 8.5.3 Microsoft Active Directory Rights Management Services (AD RMS) 2003, 2008 Microsoft Internet Explorer 610 Microsoft .NET 3.5 SP 1, 4.0, and 4.5 Microsoft Office 2003, 2007, 2010, 2013 Microsoft Outlook 2003, 2007, 2010, 2013 Microsoft Sharepoint 2007 and 2010 Mozilla Firefox 3.620.0 Seclore FileSecure Policy Server 2.29 and later Seclore Desktop Client 2.29 and later Titus Message Classification Titus Classification for Desktop TrueCrypt 7.1 VMware View 4.6, 5.0, and 5.1

Supported languages McAfee DLP Policy Manager is localized to the following languages:

English French German Spanish Japanese

Korean Russian Chinese (Traditional) Chinese (Simplified)

The McAfee DLP Endpoint client software is language-neutral, that is, it can be installed in any language version of the supported Windows operating systems, including double-byte and right-to-left language operating systems.

New features
This release of the product includes these new features. Microsoft Windows 8/Windows Server 2012 support McAfee DLP Endpoint version 9.3 supports Microsoft Windows 8 32- and 64-bit PC operating systems. Microsoft Windows Server 2012 64-bit systems are also supported. Note
Metro UI is not supported.

Virtualization support Two virtual desktop scenarios are supported: Virtual Desktop Infrastructure (VDI) systems Citrix XenDesktop and VMware View, and remote desktop solutions Citrix XenApp and Microsoft Remote Desktop (MSTSC also known as RDP). Citrix device rules can be used to block floppy, CD, fixed, or network drives running in Citrix desktop sessions, but the rules cannot be used with organizational units (OUs). If a User Assignment Group (UAG) is chosen that contains an OU, the rule is

not enabled. DLP Incident Manager To improve security, McAfee DLP Endpoint version 9.3 eliminates the McAfee DLP Windows Communication Foundation (WCF). The McAfee DLP Monitor, which depended on the WCF framework, has been replaced with the browser-based DLP Incident Manager and DLP Operational Events consoles. Permissions set in ePolicy Orchestrator can be used to define role-based access control (RBAC) to viewing events or incidents. Role-based access control RBAC, also known as separation of duties (SoD) for incident review, is an important component of the new DLP Incident Manager console. Permissions for different duties are set in ePolicy Orchestrator user permission sets, and reviewers can be assigned automatically with ePolicy Orchestrator server tasks using the new DLP incident tasks runner. Assignments can also be made manually. Incident tasks ePolicy Orchestrator tasks can assign reviewers, send email notifications, or purge incidents from the database automatically. DLP endpoint console The user pop-up window on endpoint computers has been augmented with a user console displaying more information. The console is configured from the Agent Configuration | User Interface Service page. The console displays event history, including details of aggregated events, and McAfee DLP Endpoint Discovery details. The purpose of the console is to share information with the user and to facilitate self-remediation of problems. ePolicy Orchestrator 5.0 support McAfee DLP Endpoint version 9.3 supports the recently released ePolicy Orchestrator version. TrueCrypt protection McAfee DLP Endpoint can block or monitor TrueCrypt devices, or set them to read-only, with a new TrueCrypt device rule, a subset of the removable storage device rule. In addition, a TrueCrypt option, enabled in the Agent Configuration | Advanced Configuration tab, allows TrueCrypt volumes to be protected with removable storage protection rules. Note
McAfee DLP Endpoint Client software treats all TrueCrypt mounts as removable storage, even when the application is writing to the local disk.

Seclore FileSecure support McAfee DLP Endpoint version 9.3 adds support for Seclore FileSecure information rights management (IRM). The support is similar to that already provided for Adobe LiveCycle and Microsoft RMS. For more information on Seclore McAfee integration, see http://www.seclore.com/filesecure_mcafee_integration.html. Note
FileSecure is currently not supported on Microsoft Windows 8 or Windows Server 2012. Contact Seclore for information on when these operating systems will be supported. McAfee DLP Endpoint does, however, apply Seclore policies when running on these operating systems.

Enhancements
This release of the product includes these enhancements. Additional Titus integration McAfee DLP Endpoint integrated support for Titus Message Classification (TMC) software in version 9.2 Patch 2. Titus support has now been extended to include Titus Classification for Desktop (TCD), allowing TCD to apply McAfee DLP Endpoint tags. Agent bypass improvements Agent bypass is no longer terminated with a system restart or logoff. The timer continues running up to the time set by the administrator, a maximum of 30 days. Agent product ID code change The agent product ID code has been changed to DLPAGENT9300. This allows multiple version of the client software to be stored in the same repository for deployment. Customized logo on end user window captions User notification, business justification, and challenge-response pop-up messages can be customized with a logo. The image is added on the Agent configuration | Advanced configuration tab.

Note

The logo must be a .jpg, .gif, or .png image, 462 x 23 pixels in size, and not more than 37 KB when saved as a .png file.

Device control blocking of non-system hard disks A new device definition, Fixed Hard Drive, and a new device rule using this device definition, allows Block , Monitor , Read Only, and Notify User actions on fixed disk drives. The system or boot volumes are automatically excluded in the device rule, as are dynamic drives. A new searchable event type, Fixed Hard Drive is produced in the DLP Incident Manager when an event is triggered. Discovery summary event The Discovery summary administrative event reports the number of files scanned, time to completion, a list of files not scanned and the root cause for this, and other information. End-user notification improvements The end-user notification dialog box now supports up to 350 characters. In addition, multiple events triggered by a single operation are aggregated into a single pop-up notification. The details of the aggregated event can be viewed in the endpoint console. File size in document properties The property file size has been added to the list of document properties that can specified when restricting a protection rule. Firefox improvements Improvements in the way Mozilla Firefox is controlled eliminate a number of former problems. The Firefox plug-in is no longer used, which means that users can no longer avoid web post blocking by disabling the add-on or by running Firefox in safe mode. The McAfee DLP Endpoint client software supports the latest Firefox versions. Full McAfee DLP Endpoint on servers McAfee DLP Endpoint 9.3 clients deployed to servers can run full DLP, not just Device Control. Multiple user sessions Fast User Switching (FUS) on Windows Vista, Windows 7, Windows 8, Windows Server 2003, Windows Server 2008, and Windows Server 2012 is now supported with multiple user sessions. If Plug-and-Play device rules are differentiated by user, the most restrictive rule is applied to all user sessions. Native ePolicy Orchestrator incident management Incident tasks can be filtered by ePolicy Orchestrator system tree parameters (for example, Computer Name ) and ePolicy Orchestrator tags. Screen capture and clipboard improvements Screen capture can now protect more than just keyboard Print Screen. An option on the Agent Configuration | Miscellaneous page allows the administrator to enable the Print Screen handler, an applications handler, or both. You define screen capture applications managed by the applications handler in Agent Configuration | Advanced Configuration | Settings . Several popular applications such as PaintShop Pro, OneNote, Snipping Tool, and SnagIt are included by default. Other screen capture applications can be added. Clipboard protection has been extended to allow control based on the Paste target application. Blocking copy/paste to IM applications, Skype, and so forth is now possible. Blocking copy/paste from one Microsoft Word document to another is also possible, or allowing copy/paste from a Microsoft Word document only to another Word document. Removable storage protection enhancement adding Windows Explorer sandbox In McAfee DLP Endpoint version 9.2, the client software processed files copied by Windows Explorer to removable storage devices before they were actually copied to the destination. The new protection rule algorithm hooks the Windows MoveFile and CopyFile APIs when files are being copied to removable storage, and suspends the transfer until the McAfee DLP Endpoint client software completes the scan and applies the policy. The feature can be deactivated on the Agent Configuration | Miscellaneous page. New McAfee ePO Server Tasks Two new tasks have been added to the ePolicy Orchestrator Server Tasks list:

DLP Policy Push task pushes a policy to those computers that have no McAfee DLP Endpoint policy.

DLP tasks runner runs all enabled tasks. Currently only three Incident Manager tasks are run: mail notification, purge, and
set reviewer.

Resolved issues
Several text extractor issues were resolved by updating to Autonomy KeyView 10.15 (742173, 739891, 738998, 738230, 738149, 693151, 674896, 672102, 660768)

Document header or footer extracted twice for some .doc files Alternate text is extracted from embedded objects of .doc files Names of links to other document section inside .doc files not extracted

Installation instructions
For information about installing or upgrading McAfee DLP Endpoint, see the Installation section in the McAfee Data Loss Prevention Endpoint Product Guide version 9.3. This release can be installed in McAfee ePolicy Orchestrator 4.5, 4.6, or 5.0 running on the following operating systems:

Windows Server 2003 R2 family SP1 or later, 32-bit Windows Server 2008 32-bit and Windows Server 2008 R2 64-bit Windows Server 2012 64-bit

This release requires one of the following SQL Server versions:

Microsoft SQL Server 2005, 32- or 64-bit Microsoft SQL Server 2008, 32- or 64-bit Microsoft SQL Server 2012, 64-bit

Installing an upgrade
Upgrading the endpoint package is done through ePolicy Orchestrator. If you perform a phased upgrade and have a mixed environment that has some version 9.3 endpoints and other older version endpoints, first upgrade all existing endpoints to version 9.1 or later. Always upgrade the McAfee DLP Endpoint policy console before upgrading the McAfee DLP Endpoint client software. Do not downgrade. Extension downgrading damages the database and is therefore not supported. You cannot, for example, replace the McAfee DLP Endpoint policy console build 9.3.0 with build 9.2.0. McAfee DLP Endpoint version 9.3 adds a number of new text pattern definitions, which are not added to the policy during conversion. To add these new definitions, use the Template Synchronization Wizard .

Standalone agent installer

(deployed without ePolicy Orchestrator) The standalone agent installer runs without producing a log file. If you want to create a log file, use the included batch file to run the installer. The default path is the \temp folder. If you run the batch file from the server, remember to map the drive network. Important
The new path for the policy injection folder key is HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DLP\Agent\PolicyInjection . You should define the keys:

HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DLP\Agent\PolicyInjection \\PolicyInjectionFolder &&

HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DLP\Agent\PolicyInjection\\ PolicyInjectionRefreshIntervalInSec

Policy injection will fail if you do not do this.

McAfee ePO help extension

All supported versions of McAfee ePolicy Orchestrator use the same McAfee DLP Endpoint 9.3 help extension add-in, help_dlp_930.zip.

Known issues
For known issues in this product release, refer to KnowledgeBase article KB77168 .

Find product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase. Task 1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com. 2 Under Self Service , access the type of information you need: To access... User documentation Do this... 1 2 3 KnowledgeBase

Click Product Documentation. Select a product, then select a version. Select a product document. Click Search the KnowledgeBase for answers to your product questions. Click Browse the KnowledgeBase for articles listed by product and version.

Copyright 2013 McAfee, Inc. Do not copy without permission. McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.