markoo0
Level 7
Message 1 of 10

Applying DLP agent policies without EPO!

I am deploying DLP agents 2.2.200.11 using EPO 4p4 and everything is going well. The problem I have is I need to deploy DLP to remote machines that are not on a network and hence cannot connect to the EPO server.

If I run the DLP agent MSI it installs, but how do I import/use the policy I've created? Is this possible? I've exported the policies to an opg file from EPO.

Many thanks in advance,
Mark
9 Replies
Guest12
Level 7
Message 2 of 10

DLP policy injection

Hi

These are the steps to perform policy injection:

(a) Set the agent to a policy injection mode:
1. Install the DLP Agent and do NOT perform reboot after installation.
2. Open the following registry key on your agent machine:
---- HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DLP\Agent
3. Add the following 2 properties to the registry key:
---- PolicyInjectionRefreshIntervalInSec = 00000003 (this value is type DWORD)
---- PolicyInjectionFolder = c:\Temp\PoIicy (this value is a string and can be any valid path on your machine.)
4. Restart the agent machine.

(b) Inject the policy
1. Prepare your policy: in the Management Console create the policy and save it to disk. You will get the following 3 files:
---- GlobalPolicy.opg
---- GlobalPolicy.opgc
---- GlobalPolicy.opgg

2. Copy these 3 files into the c:\Temp\PoIicy on the agent machine (no need to restart again, the agent-service will see that the files are there and will take them).


Good luck

Alex
markoo0
Level 7
Message 3 of 10

RE: DLP policy injection

Works a treat,
Thanks Alex
SCtbe
Reliable Contributor
Message 4 of 10

Re: DLP policy injection

Hi,

I found this useful after applying a wrong policy which effectively blocked almost all machine interfaces, including network cards.

Policy injection, however, does not work if the DLP agent is already activated, so you have to do some additional steps.

These are:

1. Boot system in safe mode.

2. Kill fcags.exe process (sometimes two times or more).

3. Manually delete DLP folder.

4. Perform steps from policy injection procedure.

5. Restart machine in normal mode.

6. Install DLP agent manually from installation package.

7. Reboot machine and wait for application of injected policies.

I hope someone will find this useful.

ajacobs
Level 12
Message 5 of 10

Re: DLP policy injection

I've moved this thread to our Host DLP product area. Please let me know if it belongs in Network DLP.

lantuin
Level 7
Message 6 of 10

Re: Applying DLP agent policies without EPO!

Hello,

can I apply this solution in a DLP 9.3 environment?

Thanks and best regards.

mrp
Level 7
Message 7 of 10

Re: Applying DLP agent policies without EPO!

no body to way this way for dlp 9.3

mrp
Level 7
Message 8 of 10

Re: Applying DLP agent policies without EPO!

This is the way to install DLP without ePO:

(a) Set the agent to a policy injection mode:
1. Install the DLP Agent and do NOT perform reboot after installation.
2. Open the following registry key on your agent machine:
---- HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DLP\Agent
3. Add the following 2 properties to the registry key:
---- PolicyInjectionRefreshIntervalInSec = 00000003 (this value is type DWORD)
---- PolicyInjectionFolder = c:\Temp\PoIicy (this value is a string and can be any valid path on your machine.)
In DLP 9.3: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DLP\Agent\PolicyInjection
4. Restart the agent machine.

(b) Inject the policy
1. Prepare your policy: in the Management Console create the policy and save it to disk. You will get the following 3 files:
---- GlobalPolicy.opg
---- GlobalPolicy.opgc
---- GlobalPolicy.opgg

2. Copy these 3 files into the c:\Temp\PoIicy on the agent machine (no need to restart again, the agent-service will see that the files are there and will take them).
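
The two-step procedure from the posts above, as an added PowerShell example that is not part of any post and is not McAfee's own tooling. The registry key, value names and file names are the ones quoted in the thread; the function names, the example path, the reading of the 9.3 remark as "same values under that subkey", and the folder lockdown (which assumes the agent service runs as LocalSystem) are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. Key, value and file names are taken from the thread.
$AgentKey    = 'HKLM:\SOFTWARE\McAfee\DLP\Agent'
# Assumption: the DLP 9.3 remark means the same two values go under this subkey.
$AgentKey93  = 'HKLM:\SOFTWARE\McAfee\DLP\Agent\PolicyInjection'
$PolicyFiles = 'GlobalPolicy.opg', 'GlobalPolicy.opgc', 'GlobalPolicy.opgg'

function Set-DlpInjectionMode {
    # Step (a): run after installing the agent and before the first reboot.
    param(
        [Parameter(Mandatory)][string]$InjectionFolder,  # any valid local path
        [switch]$Dlp93
    )
    $key = if ($Dlp93) { $AgentKey93 } else { $AgentKey }
    # No -Force on an existing key: that would recreate it and drop its values.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # The agent applies whatever policy files appear in this folder, so limit
    # write access to SYSTEM and Administrators (assumes a LocalSystem service).
    New-Item -ItemType Directory -Path $InjectionFolder -Force | Out-Null
    icacls $InjectionFolder /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $InjectionFolder" }

    New-ItemProperty -Path $key -Name PolicyInjectionRefreshIntervalInSec -Value 3 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name PolicyInjectionFolder -Value $InjectionFolder -PropertyType String -Force | Out-Null
    Write-Output "Injection mode set under $key. Restart the machine before step (b)."
}

function Copy-DlpPolicy {
    # Step (b): copy the exported set only when all three files are present.
    param(
        [Parameter(Mandatory)][string]$ExportFolder,
        [switch]$Dlp93
    )
    $key     = if ($Dlp93) { $AgentKey93 } else { $AgentKey }
    $target  = (Get-ItemProperty -Path $key -Name PolicyInjectionFolder -ErrorAction Stop).PolicyInjectionFolder
    $missing = $PolicyFiles | Where-Object { -not (Test-Path (Join-Path $ExportFolder $_)) }
    if ($missing) { throw "Incomplete policy export, missing: $($missing -join ', ')" }
    foreach ($f in $PolicyFiles) {
        Copy-Item (Join-Path $ExportFolder $f) -Destination $target -Force
        # Record a hash of each applied file for the deployment log.
        Get-FileHash (Join-Path $target $f) -Algorithm SHA256 | Select-Object Hash, Path
    }
}

# Constructed usage (paths are examples only):
# Set-DlpInjectionMode -InjectionFolder 'C:\ProgramData\DlpInject'   # then reboot
# Copy-DlpPolicy -ExportFolder 'E:\PolicyExport'
```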

Re: Applying DLP agent policies without EPO!

Hello razi hasan,

Can you tell me how to export the following extension files from ePO? I have tried but am still not able to export these files.

---- GlobalPolicy.opg
---- GlobalPolicy.opgc
---- GlobalPolicy.opgg
