Trellix Data Loss Prevention Discover 11.10.x Installation Guide - October 2023

Contents

Installation overview
  Which type of installation do you need?
  First-time installation workflow
  Upgrade installation workflow
Planning your installation
  Trellix DLP Discover options
Trellix DLP Discover system requirements
Pre-installation tasks
  Download product extensions and installation files
  Prepare your network
Install software for the first time
  Install the extension using Software Catalog (Software Manager)
  Install the extension manually
  Check in the server software
  Deploy the server software from Trellix ePO - On-prem
  Deploy the Trellix DLP Discover in Nutanix environment
Upgrade to a new software version
  Upgrade the server software
Post-installation tasks
  Getting started with Trellix DLP
    Get started with Trellix DLP
  Change the file size limit on evidence uploads to WebDAV
    WebDAV authoring rule permissions
  Set up the Rights Management server
  License Trellix DLP
  Define a Rights Management server
  Configure HTTPS for DLP Server
  Back up and restore policies and settings

Installation overview
Which type of installation do you need?

Install Trellix® Data Loss Prevention software as a first-time installation or upgrade in Trellix® ePolicy Orchestrator - On-prem
on an on-premises, VDI, or AWS server. Deploy the Trellix® Data Loss Prevention Discover server software package to Windows
Servers.

First-time installation workflow


Before you can install Trellix DLP Discover for the first time, you must install and set up in the required configuration, and deploy
Trellix Agent to the network endpoints.

1. Download the software from the Trellix DLP download site, or use the Trellix ePO - On-prem Software Manager (Software
Catalog in Trellix ePO - On-prem 5.10) to view, download, and install the software.
2. Install the Trellix DLP extension in the Trellix ePO - On-prem Extensions folder.
3. Check in the Trellix DLP Discover server package to the Trellix ePO - On-prem Main Repository.

Note

If you are using the Registered Documents feature, check in the DLP Server package as well. If you are using the OCR
feature, check in the OCR package. See Trellix DLP Discover options for more information.

4. Deploy Trellix Agent to the Trellix DLP Discover servers.
5. Deploy the Trellix DLP Discover server software to the servers from the Trellix ePO - On-prem System Tree.
6. Verify the installation in the DLP Operations console.

Note

DLP Operations is a feature of the Trellix DLP extension in Trellix ePO - On-prem. You must install at least one license on
the DLP Settings page to use any of the Trellix DLP features.

Upgrade installation workflow


Upgrade installation requires only check-in and deployment of the Trellix DLP Discover server software.

1. Download the software from the Trellix DLP download site, or use the Trellix ePO - On-prem Software Manager or Software
Catalog to view, download, and install the software.
2. Check in the Trellix DLP Discover server package update to the Trellix ePO - On-prem Main Repository.
3. Deploy the Trellix DLP Discover server software to the servers from the Trellix ePO - On-prem System Tree.
4. Verify the installation in the DLP Operations console.

Planning your installation


Trellix DLP Discover options
Trellix DLP Discover can run on physical or virtual servers. You can install one or more Discover servers on your network using
Trellix ePO - On-prem Trellix ePO - SaaS (recommended) or manually.

Large networks typically divide the workload by LAN or workgroup, and Trellix DLP can assign different policies to different
groups. Reporting can be by group, or a rollup data server task can collect data from several servers to produce a single report.

Make sure that any servers you use for Trellix DLP Discover meet these requirements:

• The server has Trellix® Agent installed and running.
• The server is communicating with Trellix ePO - On-prem.
• The server is added to the Trellix ePO - On-prem System Tree.

Do not run other Trellix DLP server software on the same physical or virtual server.

Trellix DLP Discover software can be installed in one of two roles: Trellix DLP Discover server or DLP Server. The difference
between a Trellix DLP Discover server (one that can run scans) and a DLP Server (a registered database server) is the server role.
Setting the server role is done automatically when you install or upgrade from Trellix ePO - On-prem. When installing DLP Server
manually, use this command:

DiscoverServerInstallx64.exe ROLE=DLP

Trellix DLP Discover has an optional Optical Character Recognition (OCR) add-on package for extracting text from image files and
scanned images saved as PDF. The add-on is installed separately in the Trellix ePO - On-prem repository and deployed to the
server after deploying the Trellix DLP Discover server software. When updating, you must also update the OCR package, as it is
automatically deleted when you update the server software.

DLP Servers use HTTPS as a secure communications channel with other Trellix servers, and therefore must have Microsoft
Internet Information Services (IIS) installed. To use the registered documents feature, the DLP Server used to match Registered
Documents content fingerprints must also be specified on the Registered Documents page of the server configuration in the
Policy Catalog.

Trellix DLP Discover performs cryptographic operations in a way that is compliant with FIPS 140-2. Cryptographic libraries
bundled with Trellix DLP Discover always have FIPS mode enabled without any option to disable it. To enable FIPS mode on
Windows, refer to the published Security Policy Document for the applicable platform which can be found at the NIST Validated
Modules web site. For additional information, refer to the Microsoft FIPS 140-2 Validation documentation.

For information about installing and running Trellix Agent, see the Trellix Agent Installation Guide and Trellix Agent Product
Guide.

Trellix DLP Discover system requirements


Item: Requirement

Trellix ePolicy Orchestrator - On-prem: 5.10.x

Trellix Agent:
• 5.5.x and above
• 5.6.x and above

Trellix DLP Discover Server requirements

Item: Requirement

Operating systems:
• Windows Server 2012 Std, 64-bit
• Windows Server 2012 R2 Std, 64-bit
• Windows Server 2016 Std, 64-bit
• Windows Server 2019
Note: Trellix DLP Discover Server is not supported on Domain Controllers or Windows Workstations.

Hardware, minimum:
• CPU — Intel Core 2 64-bit, 2 CPUs minimum
• RAM — 4 GB minimum
• Hard Drive — 100 GB minimum

Hardware, recommended:
• CPU — Intel Core 2 64-bit, 12 CPUs
• RAM — 32 GB
• Hard Drive — 500 GB

Virtual servers:
• VMware vSphere ESXi 5.0 Update 2 or 6.0
• VMware vCenter Server 5.0 Update 2 or 6.0
• VMware vSphere 6.5
• VMware Server 6.5
• VMware vSphere 6.7
• VMware Server 6.7
• Nutanix AHV 6.5

Trellix DLP Server requirements

Item: Requirement

Operating systems:
• Windows Server 2012 Std, 64-bit
• Windows Server 2012 R2 Std, 64-bit
• Windows Server 2016 R2 Std, 64-bit
• Windows Server 2019
Note: Trellix DLP Server is not supported on Domain Controllers or Windows Workstations.

Web server:
• Microsoft Internet Information Services (IIS)
• .Net Framework 3.5

Hardware, minimum:
• CPU — Intel Core 2 64-bit, 12 CPUs minimum
• RAM — 32 GB minimum
• Hard Drive — 500 GB minimum

Hardware, recommended:
• CPU — Intel Core 2 64-bit, 24 CPUs
• RAM — 64 GB
• Hard Drive — 500 GB
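
The two server requirement tables above can be checked on a candidate host before deployment. The following PowerShell function is an added example, not part of the Trellix guide or tooling; the function name is hypothetical, and it assumes that "CPUs" means logical processors and that the hard drive figure refers to the total size of the system drive.

```powershell
# Added example: pre-flight check of the local server against the minimum values
# in the Discover Server and DLP Server requirement tables.
# Assumptions: "CPUs" = logical processors; disk figure = total size of the system drive.
function Test-DlpServerPrereq {
    [CmdletBinding()]
    param(
        [ValidateSet('Discover', 'DLPServer')]
        [string]$Role = 'Discover'
    )

    # Minimums copied from the two requirement tables. The DLP Server role also
    # needs IIS (Web-Server) and .NET Framework 3.5 (NET-Framework-Core).
    $table = @{
        Discover  = @{ Cpu = 2;  RamGB = 4;  DiskGB = 100; Features = @() }
        DLPServer = @{ Cpu = 12; RamGB = 32; DiskGB = 500; Features = @('Web-Server', 'NET-Framework-Core') }
    }
    $min = $table[$Role]

    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"

    # WMI reports slightly less than the nominal size (reserved memory, partition
    # overhead), so round to whole GB before comparing with the table values.
    $ramGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB)
    $diskGB = [math]::Round($disk.Size / 1GB)

    $checks = [ordered]@{}
    $checks['Windows Server 2012, 2012 R2, 2016 or 2019'] = $os.Caption -match 'Windows Server (2012|2016|2019)'
    $checks['64-bit operating system']                    = $os.OSArchitecture -match '64'
    # ProductType: 1 = workstation, 2 = domain controller, 3 = member/standalone server.
    $checks['Not a domain controller or workstation']     = $os.ProductType -eq 3
    $checks["CPUs >= $($min.Cpu) (found $($cs.NumberOfLogicalProcessors))"] =
        $cs.NumberOfLogicalProcessors -ge $min.Cpu
    $checks["RAM >= $($min.RamGB) GB (found $ramGB GB)"]     = $ramGB -ge $min.RamGB
    $checks["Disk >= $($min.DiskGB) GB (found $diskGB GB)"]  = $diskGB -ge $min.DiskGB

    foreach ($name in $min.Features) {
        try {
            # Get-WindowsFeature ships with the ServerManager module on Windows Server.
            $installed = [bool](Get-WindowsFeature -Name $name -ErrorAction Stop).Installed
        } catch {
            $installed = $false
        }
        $checks["Windows feature $name installed"] = $installed
    }

    foreach ($entry in $checks.GetEnumerator()) {
        [pscustomobject]@{
            Role   = $Role
            Check  = $entry.Key
            Passed = [bool]$entry.Value
        }
    }
}

# Show every check for a host that is going to become a Discover server.
Test-DlpServerPrereq -Role Discover | Format-Table -AutoSize
```

Run it with `-Role DLPServer` on the host that will act as the registered documents database; any row with `Passed` set to `False` should be resolved before checking in and deploying the package.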

Pre-installation tasks
Download product extensions and installation files
Before you can manually install the software, you must download the files for your installation. Alternatively, you can use
Software Catalog to download and install.

All Trellix DLP products use the Trellix DLP extension for Trellix ePO - On-prem. Install DLP_Mgmt_version_Package.zip as your
starting point.

You can also use the Trellix ePO - On-prem Software Catalog on Trellix ePO - On-prem 5.10 (Menu → Software → Software
Catalog) to view, download, and install the software.

In Trellix ePO - On-prem 5.9 or earlier, select Software Manager (Menu → Software → Software Manager) to view, download, and
install the software.

1. In a web browser, go to https://www.trellix.com/en-us/downloads.html.
2. Click Download. Enter your grant number, then select the product and version.
3. On the Software Downloads tab, select and save the appropriate file.

File description: File name
• Trellix Data Loss Prevention extension: DLP_Mgmt_version_Package.zip
• Server package for Trellix ePO - On-prem: Discover_version.zip
• Registered Documents server package for Trellix ePO - On-prem: DLPServer_version.zip
• Server StandAlone: DiscoverServerInstallx64.exe
• OCR package: DLP_OCRAddonPackage.zip
• OCR StandAlone: DLP_OCRAddon.msi

Prepare your network


Before installing Trellix DLP Discover software, you must configure the network, define administrators, and deploy the needed
software.

1. Configure any intermediary firewalls or policy-enforcing devices to allow the specified ports for network communication.
All listed protocols use TCP only, unless noted otherwise. For information about ports that communicate with Trellix ePO -
On-prem, see KB66797.

Trellix DLP Discover default ports (port and protocol, listed by use)

CIFS scans
• 137, 138, 139 — NetBIOS
• 445 — SMB

Box and SharePoint scans
• 80 — HTTP
• 443 — SSL
SharePoint servers might be configured to use non-standard HTTP or SSL ports. If needed, configure firewalls to allow the
non-standard ports.

DNS queries
• 53 — DNS (UDP)

Microsoft Message Queuing (MSMQ)
• 1801 — TCP
• 135, 2101*, 2103*, 2105 — RPC
• 1801, 3527 — UDP
* Indicates that the port numbers might be incremented by 11 depending on the available ports at initialization.
For more information, see Microsoft KB article 178517.
Note: MSMQ uses these ports only for internal communication. Nothing needs to be opened on the network firewall, but the
local or host firewall needs to allow these communications.

Microsoft SQL
• 1433

Oracle
• 1521

MySQL
• 3306

DB2
• 50000

2. Create users and groups for administrative assignments.
3. Deploy Trellix Agent to the servers.
4. Install Microsoft Internet Information Services (IIS) on the DLP Servers.
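
Once the firewall changes from step 1 are in place, reachability can be confirmed from the Discover server, one scan target at a time, so that only the ports each target actually needs have to be open. The script below is an added example, not part of the Trellix guide; the function names and the host names in the sample inventory are constructed placeholders.

```powershell
# Added example: TCP reachability check from a Discover server to its scan targets,
# using the default ports from the table above.
$DlpScanPorts = @{
    # 137/138 (NetBIOS name and datagram services) run over UDP in practice and
    # cannot be probed with a TCP connect, so only 139 and 445 are tested for CIFS.
    CIFS       = @(139, 445)
    SharePoint = @(80, 443)
    Box        = @(80, 443)
    MSSQL      = @(1433)
    Oracle     = @(1521)
    MySQL      = @(3306)
    DB2        = @(50000)
}

function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Wait() returns $false on timeout and throws if the connection is refused.
        $task = $client.ConnectAsync($HostName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-DlpScanTarget {
    param(
        # Objects with a Type (key of $DlpScanPorts) and a Host property.
        [Parameter(Mandatory = $true)][object[]]$Target
    )
    foreach ($t in $Target) {
        $ports = $DlpScanPorts[$t.Type]
        if (-not $ports) {
            Write-Warning "Unknown scan type '$($t.Type)' for host $($t.Host); skipped."
            continue
        }

        # Name resolution depends on DNS (53/UDP in the table); report it separately
        # so a DNS problem is not mistaken for a blocked scan port.
        try {
            $null = [System.Net.Dns]::GetHostAddresses($t.Host)
            $resolved = $true
        } catch {
            $resolved = $false
        }

        foreach ($port in $ports) {
            [pscustomobject]@{
                Type        = $t.Type
                Host        = $t.Host
                Port        = $port
                DnsResolved = $resolved
                Reachable   = $resolved -and (Test-TcpPort -HostName $t.Host -Port $port)
            }
        }
    }
}

# Constructed sample inventory; replace with the repositories you plan to scan.
# A non-standard SharePoint port would need its own entry in $DlpScanPorts.
$targets = @(
    [pscustomobject]@{ Type = 'CIFS';       Host = 'fileserver01.example.test' }
    [pscustomobject]@{ Type = 'SharePoint'; Host = 'sharepoint.example.test' }
    [pscustomobject]@{ Type = 'MSSQL';      Host = 'sqlprod01.example.test' }
)

Test-DlpScanTarget -Target $targets | Format-Table -AutoSize
```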

Install software for the first time


Install the extension using Software Catalog (Software Manager)
Using the Software Catalog in Trellix ePO - On-prem version 5.10 (Software Manager in Trellix ePO - On-prem versions 5.9 or earlier)
is the most convenient method of installation. As an added benefit, you can also use it to upgrade and remove extensions.

Verify that the Trellix ePO - On-prem server name is listed under Trusted Sites in the Internet Explorer security settings.

1. In Trellix ePO - On-prem 5.10, select Menu → Software → Software Catalog.
In Trellix ePO - On-prem 5.9 or earlier, select Menu → Software → Software Manager.
2. In the left pane, expand the product categories and select Data Loss Prevention.
3. Select the Trellix DLP product extension you need to install.
In Trellix ePO - On-prem 5.9 or earlier, the install package and extension details are displayed in the lower pane.
4. For all available software, click Check In All. To install a specific extension, click Check In.
5. Select the checkbox to accept the agreement, then click Check In in Trellix ePO - On-prem 5.10. Click OK in Trellix ePO -
On-prem 5.9 or earlier.

The extension is installed. Extensions that are checked in appear in the Checked In Software list. As new versions of the software
are released, you can use the Update or Update All option to update the extensions.

Install the extension manually


Install the extension using the Extensions page.

Download the Trellix DLP extension from the Trellix download site.

1. In Trellix ePO - On-prem, select Menu → Software → Extensions, then click Install Extension.
2. Browse to the extension .zip file and click OK.
The installation dialog box displays the file parameters to verify that you are installing the correct extension.
3. Click OK to install the extension.

Check in the server software


You can add Trellix DLP Discover server software to the Trellix ePO - On-prem Main Repository to prepare for deployment to
enterprise servers. If you are using the Registered Documents feature, check in the DLP Server package and deploy it to the
server required to act as the registration database. For the Optical Character Recognition (OCR) feature, you must check in the OCR
package.

Download the Trellix DLP Discover server software from the Trellix download site or use the Software Catalog.

For optimum performance, install Trellix DLP Discover server software on a clean server. Running other Trellix or third-party
applications on the Trellix DLP Discover server can impact performance.

1. In Trellix ePO - On-prem, select Menu → Software → Main Repository.
2. In the Main Repository, click Check In Package.
3. Select package type Product or Update (.ZIP), then click Browse.

• Trellix DLP Discover server packages are named Discover_[version number].zip.
• The DLP Server packages are named DLPServer_[version number].zip.
• The OCR package is named DLP_OCRAddonPackage[version number].zip.

4. Click Next.
5. Review the details on the Check in Package page, then click Save.
The package is added to the Main Repository.

Deploy the server software from Trellix ePO - On-prem


The server package is deployed to Windows servers and installs the Trellix DLP Discover server software and necessary
components such as .NET, PostgreSQL, AD RMS client 2.1, and C++ redistributables.

Deploy Trellix Agent to the server and add the server to the Trellix ePO - On-prem System Tree.

1. In Trellix ePO - On-prem, select Menu → Product Deployment.
2. Click New Deployment.
3. On the Product Deployment page, do the following:
a. Type the name of the deployment task: Deploy DLP Discover Server.
b. Select the type: Continuous or Fixed.
c. Select the package from the drop-down list: Trellix DLP Discover Server [version_number] or DLPServer
[version_number].
The OCR package is an add-on. Complete all steps on this page for the Trellix DLP Discover server software before
deploying the OCR package.
d. Click Select Systems and choose the system to deploy.
4. In the System Tree, select the system to deploy to and click OK.
5. On the Product Deployment page, click Save.
6. Track the progress of the deployment on the Product Deployment page.

Deploy the Trellix DLP Discover in Nutanix environment


You can manually deploy Trellix DLP Discover in a Nutanix environment.

These steps are applicable to Nutanix AHV version 6.5.

The following steps create a Standard VM. You can use the same steps with an appropriate VM size to create other types of VM.

1. Log in to the Nutanix Prism Central web console with administrator privileges.
2. Add an image file
a. Go to Main Menu → Images and click Add Image. Click + Add File and browse to select the .iso file downloaded on
your system.
b. In the Image Source section, Image file and Type (ISO) are selected by default. Add the image source with these default
options and click Next.
c. In the Select Location section, the Placement Method is selected as Place image directly on clusters, by default.
Proceed with these default options and click Save.
After the import of image file is successful, the newly created image is shown in the list of images.
3. Create a virtual machine for deploying Trellix DLP Discover.
Use the recommended values to configure the CPU, memory, and disk needed to create a virtual machine:

• Standard VM: CPU 4, Memory 8, Disk in GB 100

a. Go to Main Menu → VMs and click Create VM.
b. Configuration — To configure the VM, enter a name for the virtual machine. For the VM Properties, enter the values
for CPU and Memory as needed. Click Next.
c. Resources — Add all needed disks, CD ROM, and attach the machine to the subnet. For example, to create a Standard
VM, attach disk using the Attach Disk option. Click Attach Disk and select the Type as Disk, Operation as Allocate on
Storage Container, and the Bus Type as SCSI. Click Save.
d. To create a CD-ROM, click Attach Disk again. Select the Type as CD-ROM, Operation as Clone from Image, and select
the image that was added as an image in Step 2. Click Save.
e. Boot Configuration is selected as Legacy BIOS Mode, by default, continue with the default selection and click Next.
f. Management — Continue with the default options and click Next.
g. Review — Verify the machine configuration details and click Create VM.
After the virtual machine is successfully created, it is shown in the list of VMs.
4. Click the deployed virtual machine, and then click More → Power on to turn on the machine.
5. Click Launch Console.
The virtual machine console opens and you can continue with the installation.

Upgrade to a new software version


Upgrade the server software
Upgrade installation consists of checking in and deploying the Trellix DLP Discover server software and OCR software packages.

Download the Trellix DLP extension and Trellix DLP Discover server software from the Trellix download site or use the Software
Catalog (with the Download option).

Upgrade the Trellix DLP extension in Trellix ePO - On-prem before upgrading the Trellix DLP Discover server software.

Note

The Trellix DLP extension version must be the same or newer than the Trellix DLP Discover server version.

The OCR package is deleted when you upgrade the Trellix DLP Discover server software. After deploying the upgrade Trellix DLP
Discover software, deploy the upgrade OCR package. The OCR package version must be the same as the Trellix DLP Discover
server software.

1. In Trellix ePO - On-prem, select Menu → Software → Main Repository.
2. In the Main Repository, click Check In Package.
3. Select package type Product or Update (.ZIP), then click Browse.

• The Trellix DLP Discover server package is named Discover_[version number].zip.
• The DLP Server package is named DLPServer_[version number].zip.
• The OCR package is named DLP_OCRAddonPackage.zip.

4. Click Next.
5. Review the details on the Check in Package page, then click Save.
The package is added to the Main Repository.
6. Deploy the server software with Trellix ePO - On-prem.

Post-installation tasks
Getting started with Trellix DLP
DLP Getting Started helps you configure your Trellix DLP product quickly so that you can begin to protect your data immediately
after installation. With this feature, you can add license and shared location details, and create your first Trellix DLP rule and
policy.

Perform the following steps to help get you started with Trellix DLP:

1. License — Enter the license keys to activate your Trellix DLP products. You must enter at least one license key — more if you
have multiple Trellix DLP products. The licenses you enter determine which configuration options in Trellix ePO - On-prem
are available to you.
2. Shared Location — Set up a shared location for storing a copy of evidence files, registered documents, and ignored text.

Note

The next four steps help you create your first Trellix DLP policy.

3. Classifications — Select the data classifications you want to protect. Trellix DLP identifies and tracks sensitive content based
on these classifications. Trellix DLP provides a list of built-in classifications to start with.
4. Vectors — Enable the enforcement points for where you want to protect data, and grant exclusions for any safe domains.
These vectors need a Trellix DLP Endpoint or Trellix DLP Monitor or Trellix DLP Prevent license.
These vectors need a Trellix DLP Endpoint license.

• Clipboard — Protect your assets being copied with the Windows clipboard.
• Cloud — Protect your assets being synced to cloud applications.
• Network share — Protect your assets when storing in network shares.
• Printer — Protect your assets from being printed.
• Removable storage — Protect your assets from being written to or from removable storage devices.
• Screen capture — Protect your assets from being copied using a screen capture tool.
5. Exceptions — Set up your Active Directory and specify the User Groups and Users you want to exclude from this policy.

You can change these configurations and add policies in DLP Getting Started later.

The DLP Getting Started feature in Trellix ePO - On-prem is as shown:

Get started with Trellix DLP

Use the DLP Getting Started feature to set up your license and shared location details, and to create your first Trellix DLP policy.

Make sure you have the minimum required permissions to create rules and policies in Trellix DLP. You must configure the
following permissions for full use:

• DLP Policy Manager
• Classification
• Definitions

1. In Trellix ePO - On-prem, select Menu → Data Protection → DLP Getting Started.
2. In the License page, enter the license key for each license you want to add, then click the checkmark.
The licenses you enter activate the components available to you in the next steps of DLP Getting Started. It also activates
the related Trellix ePO - On-prem components and Policy Catalogs.
3. On the Shared location page, enter the UNC path (SMB) or the URL (WebDAV) to a shared location to save your evidence
copy, registered documents, and ignored text. You have two options for shared location:

• Enter your own credentials for a shared location. Click Test Credentials to make sure you entered the credentials
correctly.
• For Windows environment only, use the local Windows system account for your shared location.

Note

To enable HTTPS support for WebDAV, the relevant certificate authority (CA) certificates must be installed on the
endpoints for successful SSL trust verification.

License keys and shared location are mandatory steps for setting up your Trellix DLP environment and can be changed later
in DLP Settings.
4. On the Classifications page, select the classifications you want to protect from the Trellix DLP built-in classifications list.

Note

You can add user-defined classifications later from Menu → Data Protection → Classification.

5. On the Enforcement page, select the method of enforcement for this policy: Stealth, Coach, or Block.
6. On the Exceptions page, select the User Groups and Users you want to exclude from your policy. If you haven't configured
your Active Directory, click the Configure Active Directory link to add configuration details for your Active Directory servers.
7. In the Policy Summary pane, review your selections and click Finish.
8. (Optional) Click Start Over to return to the Classifications page and create another data protection rule.

Note

When you click Start Over, you can configure a new rule and rule set only. Go to DLP Policy Manager to assign this rule
set to a policy.

Your Trellix DLP products are now registered and your first Trellix DLP policy is created. User notifications and blocked actions
will be enforced based on your selected enforcement mode. Click one of the suggested links in the Next steps pane to continue
setting up your Trellix DLP environment.

Change the file size limit on evidence uploads to WebDAV


When a WebDAV server is set up using Microsoft Internet Information Services (IIS), the default maximum allowed content length
is 28 MB. You can increase this value to allow upload of files greater than 28 MB. However, the recommended value to allow
upload of files is 40 MB.

You must set a value greater than the Maximum evidence file size limit set in Policy Settings → Shared Storage and Evidence.
There is a maximum size limit of 250 MB for files uploaded to the Registered Document Repository.

1. In Microsoft Internet Information Services Manager (IIS), select your WebDAV folder and click Request Filtering.
2. In the Actions menu on the right, click Edit Feature Settings.
3. The default value in the Maximum allowed content length (bytes) field is set to 28 MB. Type your preferred limit for
evidence files upload. The limit is calculated in bytes.

The new file size limit for your WebDAV storage is set in IIS.
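
The same change can be scripted with the IIS WebAdministration module, which also makes it easy to enforce the rule that the IIS limit must exceed the Maximum evidence file size set in policy. This is an added example, not part of the Trellix guide; the function name and the site path in the usage comment are hypothetical. IIS stores the limit as `maxAllowedContentLength`, whose default of 30000000 bytes is the roughly 28 MB default mentioned above.

```powershell
# Added example: set the request-filtering upload limit on the WebDAV folder and
# refuse values that do not exceed the evidence file size limit configured in policy.
Import-Module WebAdministration

function Set-DlpWebDavUploadLimit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # IIS provider path of the WebDAV folder, for example
        # 'IIS:\Sites\Default Web Site\dlp-evidence' (hypothetical name).
        [Parameter(Mandatory = $true)][string]$SitePath,
        # Maximum evidence file size from Policy Settings, in bytes.
        [Parameter(Mandatory = $true)][long]$EvidenceMaxBytes,
        # New IIS limit in bytes; 40MB is the value the guide recommends.
        [long]$LimitBytes = 40MB
    )

    $filter = 'system.webServer/security/requestFiltering/requestLimits'

    if ($LimitBytes -le $EvidenceMaxBytes) {
        throw "IIS limit ($LimitBytes bytes) must be greater than the evidence file size limit ($EvidenceMaxBytes bytes)."
    }
    # maxAllowedContentLength is an unsigned 32-bit value in the IIS schema.
    if ($LimitBytes -gt [uint32]::MaxValue) {
        throw "IIS limit cannot exceed $([uint32]::MaxValue) bytes."
    }

    $current = (Get-WebConfigurationProperty -PSPath $SitePath -Filter $filter `
                    -Name 'maxAllowedContentLength').Value

    if ($current -eq $LimitBytes) {
        Write-Verbose "Limit on $SitePath is already $LimitBytes bytes."
    } elseif ($PSCmdlet.ShouldProcess($SitePath, "Change maxAllowedContentLength from $current to $LimitBytes bytes")) {
        Set-WebConfigurationProperty -PSPath $SitePath -Filter $filter `
            -Name 'maxAllowedContentLength' -Value $LimitBytes
    }

    [pscustomobject]@{
        SitePath      = $SitePath
        PreviousBytes = $current
        LimitBytes    = $LimitBytes
        LimitMB       = [math]::Round($LimitBytes / 1MB, 1)
    }
}

# Preview the change without applying it (evidence limit of 20 MB is a constructed value):
# Set-DlpWebDavUploadLimit -SitePath 'IIS:\Sites\Default Web Site\dlp-evidence' -EvidenceMaxBytes 20MB -WhatIf
```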

WebDAV authoring rule permissions

You must provide specific permissions for users to access WebDAV shared storage.

1. In Microsoft Internet Information Services Manager (IIS), select your WebDAV folder and click Authoring Rule.
2. Under Permissions, select the checkboxes for Read, Source, and Write, and click OK.

Authentication type

Configure the type of permitted authentication in Microsoft Internet Information Services (IIS).

1. In Microsoft Internet Information Services Manager (IIS), select your WebDAV folder and click Authentication.
2. From the authentication list, select Password based Authentication.
3. In the Actions menu on the right, click Providers.
4. Select the type of authentication and click Add.

Note

Select Negotiate if you want to use Kerberos authentication.

Set up the Rights Management server


If you are working with a Rights Management system, you must set up and register the rights management server. You must also
install the needed version of the Active Directory Rights Management Services Client for Trellix DLP Discover to be able to apply
Rights Management encryption to files.

1. Set up the Rights Management server and register it with Trellix ePolicy Orchestrator - On-prem.
2. For Trellix DLP Endpoint only, install Active Directory Rights Management Services Client 2.1 build 1.0.2004.0 on each
endpoint using RM services.

License Trellix DLP


To access your Trellix DLP products, license details are required when accessing Trellix DLP for the first time and are entered in
DLP Getting Started. Additional new licenses and edits to existing licenses are configured in Data Protection → DLP Settings.

Note

You can enter a license for either Trellix DLP Endpoint or Trellix Device Control in the Trellix DLP Endpoint field. Replacing one
type of license with another changes the configuration.

You can enter keys for these products:

• Trellix DLP Endpoint or Trellix Device Control
• Trellix DLP Discover
• McAfee Legacy Network DLP (9.3.x)
• Trellix DLP Prevent (10.x or later)
• Trellix DLP Monitor (11.x or later)

The DLP Settings module has eight tabbed pages. The information on the General tab is required. You can use the default
values for most of the remaining settings and fields if you don't have special requirements.

The Skyhigh Security Cloud Server tab is used to set up integration with Skyhigh Security Cloud.

1. In Trellix ePO - On-prem, select Menu → Data Protection → DLP Settings.


2. On the General tab in the License Keys → Key field, enter the license key for each license that you want to add, then click
Add.
Installing the license activates the related Trellix ePO - On-prem components and Trellix ePO - On-prem Policy Catalog
policies.
3. In the Default Evidence Storage field, enter the path.
The evidence storage path must be a network path, that is \\[server]\[share]. This step is required to save the settings and
activate the software.
4. Set the shared password.

5. Set the backward compatibility.
Choose one of the five options, ranging from 9.4.0.0 to 11.0.0 and later compatibility. This setting limits the possibility
of using new features.
Two modes of compatibility are available: strict and non-strict. In strict mode, policies with backward compatibility errors
cannot be applied. In non-strict mode, the policy owner, or a user with Administrator permissions, can choose to apply
policies with backward compatibility errors.

Note

If you are using multiple client versions, set the compatibility to match the oldest client version in use.

6. Click Save.
7. To back up the configuration, select the Back Up & Restore tab, then click Backup to file.

Trellix DLP modules appear in Menu → Data Protection according to the licenses entered.

Define a Rights Management server


Trellix DLP Endpoint and Trellix DLP Discover support two Rights Management (RM) systems: Microsoft Windows Rights
Management Services (RMS) and Seclore FileSecure™. To use these systems, configure the server providing the RM policies
in Trellix ePO - On-prem.

• Set up the RM servers according to the Microsoft or Seclore instructions and create users and policies. Obtain the URL
and password for all servers — policy template, certification, and licensing.
• If you are adding an Azure server for integration with Azure Information Protection, you need to first register a client
application with Azure Active Directory. See KB91833 for details about registering a client application with Microsoft
Azure.
• For Seclore, you need the Hot Folder Cabinet ID and passphrase, and information about advanced licenses, if any.
• Verify that you have permission to view, create, and edit Microsoft RMS and Seclore servers. In Trellix ePO - On-prem,
select Menu → User Management → Permission Sets, and verify that you belong to a group that has the needed
permissions in Registered Servers.
• Install Active Directory Rights Management Services Client 2.1 build 1.0.2004.0 on each endpoint using RM services. The
Apply RM command doesn't work without this version of the RM client.

1. In Trellix ePolicy Orchestrator - On-prem, select Menu → Registered Servers.


2. Click New Server.
The Registered Servers description page opens.
3. From the Server type drop-down list, select the type of server you want to configure: Microsoft RMS Server, Azure Server, or
Seclore Server.
4. Type a name for the server configuration, then click Next.
5. Enter the required details. When you have entered the required fields, click Test Connectivity to verify the data entered.

• RMS settings also include a DLP enforcement settings section. The Local path to RMS template field is optional, but
the URL fields for certification and licensing are needed unless you choose the AD auto-service discovery option.
• Seclore requires HotFolder Cabinet information, but additional license information is optional.
• Azure Server settings require:
   - Rights management owner: the user that owns all files that are protected with the Azure RMS rule reaction.
   - Application (Client) ID, Directory (Tenant) ID, and Client Secret, as defined in the Azure application
     registration details.
   - Azure Label IDs and Names, as they appear in your Azure account. These labels can be selected for protection
     in rule reactions.

6. Click Save when you have completed the configuration.

Configure HTTPS for DLP Server


DLP Server uses HTTPS as a secure communications channel with other Trellix servers. After installing DLP Server, configure the
server to enable HTTPS.

Obtain a certificate file from the certificate authority. You can use the certificate request tool (Server Certificates → Actions →
Create Certificate Request) in IIS to obtain the certificate.

Trellix DLP Server software employs Microsoft Internet Information Services (IIS) as a web server, using HTTPS as a secure
communications channel. HTTPS uses Secure Sockets Layer (SSL) to exchange information between the server and clients. To
enable SSL/HTTPS in IIS you must configure the server with an SSL certificate file obtained from a certification authority.

1. Obtain a certificate file.


a. In IIS, go to Server Certificates → Actions → Create Certificate Request.
b. Fill in the required fields on the first page and click Next.
c. Review the second page. In most cases, you can accept the defaults. Click Next, then Finish.
d. Send your request to the certificate authority to order your certificate.
2. Install the certificate file.
a. In IIS, go to Server Certificates → Actions → Complete Certificate Request.
b. Enter the name of the file you received from the certificate authority.
c. In the Friendly name field, enter the name you want to appear in the IIS certificates list.
d. Select Personal for the certificate store value, then click OK.
The certificate appears in the IIS certificates list.
3. Create a binding.
This step is required to make the web site available by HTTPS.
a. In the Connections (left) panel in IIS, select DlpServer.
b. Select Actions → Bindings.
c. Select https, then click Edit.
d. Select your certificate (by Friendly name) from the SSL certificate drop-down list. Click OK.
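
The following PowerShell check is an added example, not part of the Trellix guide: it reads back the https binding created in step 3 and reports whether the bound certificate has a private key, permits server authentication, and is close to expiry. It assumes the IIS site is named DlpServer, as shown in the Connections panel, and uses a constructed 30-day warning threshold.

```powershell
# Added example: audit the certificate behind the https binding from step 3.
# Assumption: the IIS site is named 'DlpServer' (as in the Connections panel).
Import-Module WebAdministration

$siteName      = 'DlpServer'
$warnDays      = 30                      # constructed expiry warning threshold
$serverAuthOid = '1.3.6.1.5.5.7.3.1'     # Server Authentication EKU

$bindings = @(Get-WebBinding -Name $siteName -Protocol 'https')
if ($bindings.Count -eq 0) {
    throw "Site '$siteName' has no https binding; step 3 has not been completed."
}

foreach ($binding in $bindings) {
    $hash  = $binding.certificateHash
    $store = $binding.certificateStoreName
    if ([string]::IsNullOrEmpty($hash)) {
        Write-Warning "Binding $($binding.bindingInformation) has no certificate selected."
        continue
    }

    # Step 2 installs the certificate in the Personal store of the local machine.
    $cert = Get-Item -Path "Cert:\LocalMachine\$store\$hash" -ErrorAction Stop

    # A certificate without an EKU extension is valid for all purposes.
    $ekus = @($cert.EnhancedKeyUsageList | Where-Object { $_ } |
              ForEach-Object { $_.ObjectId })

    [pscustomobject]@{
        Binding       = $binding.bindingInformation
        FriendlyName  = $cert.FriendlyName
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = ($ekus.Count -eq 0) -or ($ekus -contains $serverAuthOid)
        NotAfter      = $cert.NotAfter
        ExpiresSoon   = $cert.NotAfter -lt (Get-Date).AddDays($warnDays)
    }
}
```

A binding is healthy when HasPrivateKey and ServerAuthEku are True and ExpiresSoon is False.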

We recommend configuring IIS to accept connections only from a list of specified Trellix DLP Discover, Trellix DLP Prevent, Trellix
DLP Monitor, and other Trellix servers that need access to the DLP Servers. For information on restricting IIS to specific IPs, see
Microsoft's IP Security documentation.
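
One way to apply this allow-list from PowerShell, as an added example that is not part of the Trellix guide. It assumes the site is named DlpServer and uses constructed documentation addresses (RFC 5737) in place of your Trellix servers.

```powershell
# Added example: restrict the DLP Server site to an allow-list of source addresses.
# Assumptions: site name 'DlpServer'; the addresses below are constructed
# placeholders. Replace them with the servers that need access to the DLP Server.
Import-Module WebAdministration

$siteName = 'DlpServer'
$psPath   = 'MACHINE/WEBROOT/APPHOST'
$filter   = 'system.webServer/security/ipSecurity'
$allowed  = @(
    @{ ipAddress = '192.0.2.10'; allowed = 'true' },                                # single host
    @{ ipAddress = '198.51.100.0'; subnetMask = '255.255.255.0'; allowed = 'true' } # subnet
)

# The ipSecurity section is only enforced when the IP and Domain Restrictions
# role service is installed.
if (-not (Get-WindowsFeature -Name Web-IP-Security).Installed) {
    Install-WindowsFeature -Name Web-IP-Security | Out-Null
}

# Add the allow entries first, skipping addresses that are already listed,
# so the deny-by-default switch below never locks out a listed server.
$existing = @(Get-WebConfiguration -PSPath $psPath -Location $siteName -Filter "$filter/add" |
              ForEach-Object { $_.ipAddress })
foreach ($entry in $allowed) {
    if ($existing -notcontains $entry.ipAddress) {
        Add-WebConfigurationProperty -PSPath $psPath -Location $siteName `
            -Filter $filter -Name '.' -Value $entry
    }
}

# Refuse every client that is not on the list. Include the address of any host
# you administer the site from if it also needs to reach it over HTTPS.
Set-WebConfigurationProperty -PSPath $psPath -Location $siteName `
    -Filter $filter -Name 'allowUnlisted' -Value 'false'

# Read the effective list back for review.
Get-WebConfiguration -PSPath $psPath -Location $siteName -Filter "$filter/add" |
    Select-Object ipAddress, subnetMask, allowed
```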

Back up and restore policies and settings


You can create a backup of your Trellix DLP policies and settings, and then restore them by loading the backup file onto
another Trellix ePO - On-prem server. The backup includes all your configurations in Data Protection → DLP Settings.

You can encrypt your backup file by setting up a password. Set up an encryption password so that your Shared Password isn't in
readable format when recovering the backup file.

1. Back up your Trellix DLP Endpoint policies and settings.


a. In Trellix ePO - On-prem, select Data Protection → DLP Settings → Backup & Restore.
b. Leave the default setting for Encrypt the backup file and enter an encryption password.
c. Click Backup to file. Options allow you to select the backup path, to open the file, and to save it.
d. (Optional) Select the checkbox to save the policy injection object (OPG) in the backup.
2. Restore your Trellix DLP Endpoint settings.
a. In another Trellix ePO - On-prem server, select Data Protection → DLP Settings → Backup & Restore.
b. Select the checkbox Password if the backup file is encrypted.
c. Enter the password you set for encrypting the backup file.
d. Click Restore from file and select the file you saved.

A restore report is generated for review.

COPYRIGHT
Copyright © 2024 Musarubra US LLC.

Trellix and FireEye are the trademarks or registered trademarks of Musarubra US LLC, FireEye Security Holdings US LLC and their affiliates in the
US and /or other countries. McAfee is the trademark or registered trademark of McAfee LLC or its subsidiaries in the US and /or other countries.
Skyhigh Security is the trademark of Skyhigh Security LLC and its affiliates in the US and other countries. Other names and brands are the
property of these companies or may be claimed as the property of others.
