search cancel

Sensitive file transfers over FTP are not blocked but an incident is logged in Enforce

book

Article ID: 164035

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Network Discover Data Loss Prevention Endpoint Discover

Issue/Introduction

A "Block FTP" response rule is set up in Enforce and file containing sensitive information attempts to be moved using an FTP client. The incident is logged on the Enforce Server, but the FTP file transfer is not blocked.

Environment

This behavior has been observed with multiple different FTP clients when McAfee Web Gateway is set up as the proxy. The issue has occurred with multiple versions of McAfee Web Gateway as well, including version 7.5.2 and 7.7.x.

Cause

Our software communicates appropriately to the McAfee Web Gateway proxy, but something in the configuration settings on the McAfee Web Gateway proxy doesn't allow the block to occur.

 

Resolution

Contact McAfee support to obtain configuration information specific to your implementation that allows blocking to take place when our Block FTP rules are met.