McAfee Security for Microsoft Exchange 8.6.0

Configure DLP and compliance rules

Create or modify DLP and Compliance rules and dictionaries, to suit your Exchange organization's requirement.

Task
1 From the product's user interface, click Policy Manager | Shared Resource.
The Shared Resources page appears.
2 Click DLP and Compliance Dictionaries tab.
3 From the Select a Language drop-down list under DLP and Compliance Rules section, select the language.
You can also view and edit all supported locale dictionaries. (The supported locales are Chinese Simplified, French, German, Japanese, and Spanish.)
4 From the Category drop-down list under DLP and Compliance Rules section, select the category you want to view or configure. The rules group appears with the name, policies used by, and action to configure. You can use:
Option definitions
Option Definition
Category To select the required scanner that you want to configure. This release has 60 more DLP and Compliance dictionaries ensuring that email content is in accordance with your organization’s confidentiality and compliance policies.

Pre-defined Compliance Dictionaries include:

Addition of 60 new DLP and Compliance dictionaries
Support for industry specific compliance dictionaries - HIPAA, PCI, Source Code (Java, C++ etc.)

These dictionaries are categorized as:

Score based — A rule is triggered when email exceeds the threshold score and maximum term count, resulting in reduced false positives.
Non-score based — A rule is triggered when a word or phrase is found in the email message.
New Category To create a new DLP and Compliance Rules dictionary.
Any new category or condition that you create is non-score based.
Create New To create new rules group for the selected category, based on your requirement. Required in a situation where you need specific rules to trigger a detection and apply it in a policy.
Edit To edit settings for the selected DLP and Compliance rule.
Delete To delete the DLP and Compliance rule.
You cannot delete a DLP and Compliance rule, if
It is enabled. Deselect the rule, Apply the settings, then click Delete.
If it is used by any policy. To know, how many policies use this scanner setting, see the Used By column.
For example, select Credit Card Number or any dictionary that suits your needs, from the Category drop-down list and see the enhanced Rules Group option available.
5 To create a new rules group, click Create New for DLP and Compliance Rules for a selected category.
The New DLP and Compliance Scanner Rule page appears for the selected category.
6 Type the Rule Name and Description for the rule.
7 Select Add this rule to this category's rules group to add the new rule to the rules group for the selected category.
8 Under Word or Phrase, specify the words or phrases to look for, in The rule will trigger when the following word or phrase is found. Then select one of the following options:
Regular Expression — If enabled, the rule is triggered for specified text that is a regular expression (regex). Regex is a precise and concise method for matching strings of text, such as words, characters, or patterns of characters.

For example, the sequence of characters "tree" appearing consecutively in any context, such as trees, street, or backstreet.

Regex is disabled for some phrases.
See http://www.regular-expressions.info/reference.html or http://www.zytrax.com/tech/web/regex.htm for more details.
Ends with — If enabled, the rule is triggered for specified text that forms the last part of the word or phrase.
Use Wildcard — If enabled, the rule is triggered for the specified word or phrase that contain wildcard characters. (Wildcard characters are often used in place of one or more characters when you do not know what the real character is or you do not want to type the entire name). Case Sensitive — If enabled, the rule is triggered if the case of the specified text matches the word or phrase.
Starts with — If enabled, the rule is triggered for specified text that forms the beginning of the word or phrase.
To detect a word or phrase with exact match, select both Starts with and Ends with option.
9 Select Specify additional contextual words or phrases, which is a secondary action when the primary word or phrase is detected. Specify any additional word or phrase that can accompany the primary word or phrase that triggers a detection.
10 Select from Trigger if ALL of the phrases are present, Trigger if ANY of the phrases are present or Trigger if NONE of the phrases are present from the drop-down menu.
11 Select within a block of to specify the number of Characters from a block to be scanned.
12 Click Add Contextual word to type additional words or phrases.
13 Specify the word or phrase in Specify words or phrases, select one of the conditions (same options as in Step 7), then click Add.
14 Under File Format, select Everything to enable all file categories and its subcategories. You can select multiple categories and file types within the selected categories to be matched. Selecting All in the subcategory selector overrides any other selections that may have already been made.
15 If you have not selected Everything, then click Clear selections to deselect any of the selected file type options.
16 Click Save to return to Shared Resources page.
17 Click Apply to save the settings.
You have now successfully configured the DLP and Compliance rules and dictionaries, to suit your Exchange organization's requirement.