cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 10

Applying DLP agent policiies without EPO!

I am deploying DLP agents 2.2.200.11 using EPO 4p4 and everything is going well. The problem I have is I need to deploy DLP to remote machines that are not on a network and hence can not connect to the EPO server.

If I run the DLP agent MSI it installs but how do I import/use the policy I've created? Is this possible? I've exported the policies to opg file from EPO.

Many thanks in advance,
Mark
9 Replies
Highlighted
Level 7
Report Inappropriate Content
Message 2 of 10

DPL policy injection

Hi

These are the steps to perform policy injection:

(a) Set the agent to a policy injection mode:
1. Install the DLP Agent and do NOT perform reboot after installation.
2. Open the following registry key on your agent machine:
---- HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DLP\Agent
3. Add the following 2 properties to the registry key:
---- PolicyInjectionRefreshIntervalInSec = 00000003 (this value is type DWORD)
---- PolicyInjectionFolder = c:\Temp\PoIicy (this value is a string and can be any valid path on your machine.)
4. restart the agent machine.

(b) inject the policy
1. Prepare your policy: in the Management Console create the policy and save it to disk. You will get the following 3 files:
---- GlobalPolicy.opg
---- GlobalPolicy.opgc
---- GlobalPolicy.opgg

2. Copy these 3 files into the c:\Temp\PoIicy on the agent machine (no need to restart again, the agent-service will
see that the files are there and will take them).


Good luck

Alex
Highlighted
Level 7
Report Inappropriate Content
Message 3 of 10

RE: DPL policy injection

Works a treat,
Thanks Alex
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 10

Re: DPL policy injection

Hi,

I found this useful after applying wrong policy which effectively blocked almost all machine interfaces, including network cards.

Policy injection however do not work if DLP agent is already activated, so you have to do some additional steps.

These are:

1. Boot system in safe mode.

2. Kill fcags.exe process (sometimes two times or more).

3. Manually delete DLP folder.

4. Perform steps from policy injection procedure.

5. Restart machine in normal mode.

6. Install DLP agent manually from installation package.

7. Reboot machine and wait for application of injected polices.

I hope someone will find this useful.

Highlighted
Level 12
Report Inappropriate Content
Message 5 of 10

Re: DPL policy injection

I've moved this thread to our Host DLP product area. Please let me know if it belongs in Network DLP.

Highlighted
Level 7
Report Inappropriate Content
Message 6 of 10

Re: Applying DLP agent policiies without EPO!

Hello,

can I apply this solution in a DLP 9.3 environment?

Thanks and best regards.

Highlighted
Level 7
Report Inappropriate Content
Message 7 of 10

Re: Applying DLP agent policiies without EPO!

no body to way this way for dlp 9.3

Highlighted
Level 7
Report Inappropriate Content
Message 8 of 10

Re: Applying DLP agent policiies without EPO!

this way to install dlp  without epo

(a) Set the agent to a policy injection mode:

1. Install the DLP Agent and do NOT perform reboot after installation.

2. Open the following registry key on your agent machine:

---- HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DLP\Agent

3. Add the following 2 properties to the registry key:

---- PolicyInjectionRefreshIntervalInSec = 00000003 (this value is type DWORD)

---- PolicyInjectionFolder = c:\Temp\PoIicy (this value is a string and can be any valid path on your machine.)

in dlp 9.3 HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DLP\Agent\PolicyInjection

4. restart the agent machine.

(b) inject the policy

1. Prepare your policy: in the Management Console create the policy and save it to disk. You will get the following 3 files:

---- GlobalPolicy.opg

---- GlobalPolicy.opgc

---- GlobalPolicy.opgg

2. Copy these 3 files into the c:\Temp\PoIicy on the agent machine (no need to restart again, the agent-service will

see that the files are there and will take them).

Highlighted

Re: Applying DLP agent policiies without EPO!

Hi

These are the steps to perform policy injection:

(a) Set the agent to a policy injection mode:

1. Install the DLP Agent and do NOT perform reboot after installation.

2. Open the following registry key on your agent machine:

---- HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DLP\Agent

3. Add the following 2 properties to the registry key:

---- PolicyInjectionRefreshIntervalInSec = 00000003 (this value is type DWORD)

---- PolicyInjectionFolder = c:\Temp\PoIicy (this value is a string and can be any valid path on your machine.)

4. restart the agent machine.

(b) inject the policy

1. Prepare your policy: in the Management Console create the policy and save it to disk. You will get the following 3 files:

---- GlobalPolicy.opg

---- GlobalPolicy.opgc

---- GlobalPolicy.opgg

2. Copy these 3 files into the c:\Temp\PoIicy on the agent machine (no need to restart again, the agent-service will

see that the files are there and will take them).

Good luck

Highlighted

Re: Applying DLP agent policiies without EPO!

hello razi hasan

can u tell me how to do export following extension files from ePO because i had tried but still not able to export these file.

     GlobalPolicy.opg

---- GlobalPolicy.opgc

---- GlobalPolicy.opgg

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community