McAfee Data Loss Prevention 9.2.2 Product Guide


kb.mcafee.com
12.07.2015

2 Using McAfee DLP Monitor
Rules used by the capture engine

• Number of results supported
• Parts of speech excluded from capture
• Time-stamping files
• Short word handling
• Archive handling
• Special character exceptions
• Case insensitivity
• Word stemming
• Microsoft Office 2007 anomalies

Distributed searching

Searches that are distributed to more than one McAfee DLP appliance are handled through McAfee DLP Manager.

Although distributed searches default to All Devices, the Devices button on the Advanced Search page supports searches on specific McAfee DLP devices.

Large-scale searches

Searches that take over 60 seconds to process run in background mode. When the search is complete, the user who is logged on is notified by email.

Number of results supported

The search engine imposes limitations on the number of search results supported by McAfee DLP.

The search engine is designed to retrieve no more than 100,000 results at a time. If this limit is exceeded, match strings will not be retrieved, and hits on substrings might return overly broad results.

The dashboard incident list is limited to 5,000 results, but up to 150,000 incidents can be exported via CSV. Export from dashboard is limited to 5K. If your search results exceed this number, narrow your query and repeat the search.

Archive handling

When archived files are captured, they are opened and their contents are analyzed by the indexer.

The search engine finds, extracts, and evaluates content in .zip, .gzip, and .tar archives, but only if the compressed file type is identified in the query.

The following compressed file types are supported:

• GZIP
• ZIP
• TAR
• StuffIt
• BinHex
• Compress
• MS Cabinet
• EncryptedZip
• RAR
• TNEF

Case insensitivity

Case sensitivity is ignored by the search engine.

For example, if a query is defined in ALL CAPS, the indexer retrieves and reports the matching content whether it is in uppercase or lowercase.

Microsoft Office 2007 anomalies

The indexer ignores certain Microsoft Office attributes because of the way those applications handle fonts, colors, macros, and page definition.

• If two dictionary words are merged together, the merged word will not be found. For example, American and Recovery are two dictionary words. If they are merged into the word AmericanRecovery, they will not be found.
• If a word in a Microsoft Office document has different fonts and colors, the word will not be read as a whole and will not be found. For example, if all the letters in the word Recovery are of different fonts and colors, it will not be found.
• If a word continues across two different pages, it will not be found. For example, if the word Recovery is spread across two pages (one page contains Rec and the second page contains overy), it will not be found.
• Words in documents that use special Microsoft Office font features like WordArt, SmartArt, and watermarks will not be found.
• Words present in macros in Microsoft Office documents, and headers and footers in PowerPoint and Excel, will not be found.

Negative searches

The database cannot recognize queries that consist entirely of negative terms because a query containing only words that are not to be found is instructing the search engine not to search.

For this reason, some scope of data within which the term will not be found must be defined.

Proper name treatment

The indexer treats proper names like keywords, so it is not necessary to capitalize them.

Parts of speech excluded from capture

The capture engine excludes common parts of speech to prevent insignificant results from being stored and retrieved.

For example, the following parts of speech are ignored by the indexer:

• a
• and
• this
• therefore
• else
• while
• with

Users can deploy the Stop-Word concept to define words the capture engine should ignore.
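
The following pre-flight check for analyst keyword queries is an added example, not code from McAfee or from the product guide. It models the case-insensitivity, negative-search, stop-word and result-limit rules described above. The leading "-" for negative terms and all function names are assumptions of this sketch, and the stop-word set holds only the seven examples the guide lists.

```python
# Added example: models the rules the guide documents; it is not product code.
STOP_WORDS = {"a", "and", "this", "therefore", "else", "while", "with"}
SEARCH_RESULT_LIMIT = 100_000   # search engine retrieval limit
DASHBOARD_LIMIT = 5_000         # dashboard incident list limit
CSV_EXPORT_LIMIT = 150_000      # CSV export limit


def lint_query(terms):
    """Check keyword terms before submitting a search.

    A leading "-" marks a negative term. That prefix is this example's own
    notation, not product syntax. Returns (normalized_terms, warnings).
    """
    warnings, normalized, seen = [], [], set()
    for raw in terms:
        negative = raw.startswith("-")
        word = raw.lstrip("-").strip().lower()  # the search ignores case
        if not word:
            continue
        if word in STOP_WORDS:
            warnings.append(f"'{word}' is excluded from capture and cannot match")
            continue
        if (negative, word) in seen:  # "Recovery" and "RECOVERY" are one term
            warnings.append(f"'{raw}' duplicates an earlier term (case is ignored)")
            continue
        seen.add((negative, word))
        normalized.append(("-" if negative else "") + word)
    # Assumption: a positive term that is a stop word contributes no scope,
    # so a query left with only negative terms is flagged.
    if normalized and all(t.startswith("-") for t in normalized):
        warnings.append("only negative terms remain; define a scope to search within")
    if not normalized:
        warnings.append("no searchable terms remain")
    return normalized, warnings


def result_count_notes(count):
    """Map a result count onto the limits the guide states."""
    notes = []
    if count > SEARCH_RESULT_LIMIT:
        notes.append("over 100,000: match strings are not retrieved; narrow the query")
    if count > DASHBOARD_LIMIT:
        notes.append("over 5,000: exceeds the dashboard incident list")
    if count > CSV_EXPORT_LIMIT:
        notes.append("over 150,000: exceeds CSV export")
    return notes
```
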

