ONTAP Discussions

Data Loss Prevention Discover Software



Does anybody has experience on how to allow an external DLP Software (McAfee) having a sight to all NAS shares and also requests "modify rights" on them?

Kind Regards




Have you try to run the service under a domain admin user?

Make sure the user is a part of the local admin group.


Hi Mjizzini


Thank you for your answer.


I created a seperate group like the builtin/administrators-group with only the "SeTcbPrivilege"  and shared the "/" as read-only. This seems to work but I don't know if this is the right way to give access to a DLP-Application because the solution as that is bypassing all security settings set on shares (cifs) and exports (nfs). As soon as the DLP application requests modify rights I need to really think about that again.


We do not have "a general group" on all our shares where I simply could put the dlp-user into that group and access would be granted, and,  we do host millions of files.


Some more questions are:

Why DLP application asks for modify rights? I can not imagine what will be happen when the DLP client system catches malware or does wrong functions.

There are also aspects on auditing and performance..


I am really wondering on how do other NAS administrators handle DLP?




kind regards