McAfee Data Loss Prevention 9.2.2 Product Guide

Integrating McAfee DLP EndpointTagging and tracking 53 From the Actions menu, select Add New.The Add Web Application Definition window appears.4 Type in a name and optional description for the new web application definition.5 Select a Parameter Name checkbox from the available list.The Edit Definition Parameter dialog box appears.6 Select or enter values that define the parameter.Click + to add additional parameters.7 Click Apply, then Save.Location-based taggingLocation‐based tags identify protected shares that contain confidential files. If downloaded todesktops, those files are automatically tagged.For example, users who do not belong to an executive group might attempt to copy and distributedocuments from a restricted executive share. In that case, location‐based tags are automaticallyapplied to record the attempt to access confidential information. Pre‐programmed actions, such asblock, notify, and store evidence, might also be activated when the location tag is applied.Location‐based tags are most often implemented to prevent unauthorized users from accessing sharesthat contain sensitive data.Protect data using a network pathThe Network Path parameter can be used to ensure that a network share containing confidential files isprotected. It is used to prevent modification of documents while they are on that protected share. Bycontrast, the Location Path parameter is used to tag files that are copied from a local share to a desktop.Before you beginIf you want to tag sensitive files, create a tag label under Endpoint Configuration, or use anexisting one. If you want to trigger an action when the rule hits, make sure that the actionrule you intend to use has the right action settings. If not, add a Data‐in‐Use action rule, orcreate a new one.If you have to keep a specific file system secure (for example, a share containing forensic records thatmust be preserved intact), you can type a network path, or select one from a directory server, and usean action rule to prevent them from being modified.If you just want to identify files that are downloaded from a location path, you can tag them duringthe download process, then use that tag to control what can be done to them. For example, you mightwant to allow download but not allow users to modify them. In that case, you can use rules and actionrules to locate the tagged files and apply the desired reaction.If you want to keep sensitive documents on specific shares from being downloaded or compromised,you might give them a collective tag (for example, Human Resources) that can be used in combinationwith an action rule to prevent download or modification. You could tag each document on a sharemanually, but you could also use that tag with a discovery scan to control similarly‐tagged documentsin unknown locations.McAfee Data Loss Prevention 9.2.2 Product Guide 157