How do I configure paragraph-based classification in DLP? Currently DLP is generating an alert for a single word. I want the alert to be generated only if the entire paragraph is matched in a file. How can I achieve that?
1. Please check in the orion.log file for the copy error. Please try the DLP 11.0 P6 build once as some defects were fixed in latest releases.
2. For the audit error messages:
There was a past issue where unwanted messages were reported in ePO's audit.log:
ePolicy Orchestrator audit log contains excessive "Notify Agent" messages
Technical Articles ID: KB88281
What you see sounds similar, but the button portion of the messages is unexpected here.
Also refer: https://kc.mcafee.com/corporate/index?page=content&id=KB71458
The error related to EEADMIN is for McAfee Drive Encryption Product.
The error mentioned related to copy is from DLP. Based on the error mentioned in the log file, it's very clear that the user does not have permission to perform the copy.
Please perform the below options and check if the issue is resolved.
1. The ePO computer account needs access to the evidence share.
2. Add the user to the "everyone" group on the UNC folder, then the issue would get resolved.
You need to use the registered document feature.
The registered documents feature is based on pre-scanning all files in specified repositories (such as the engineering SharePoint) and creating signatures of fragments of each file in these repositories. McAfee DLP Endpoint and the network McAfee DLP products use slightly different versions of registered documents.
McAfee DLP Endpoint uses manual registration. Signatures of files are manually uploaded to a McAfee ePO database by McAfee DLP. These signatures are then distributed to all managed endpoints. The McAfee DLP Endpoint client is then able to track any paragraph copied from one of these documents and classify it according to the classification of the registered document signature. McAfee DLP Prevent and McAfee DLP Monitor also access the McAfee ePO database to use registered documents.
McAfee DLP Discover runs registration scans on file repositories. The signatures created by this automatic registration are stored in signature databases on servers designated as DLP Servers. They are used by McAfee DLP Discover to create classification and remediation scans. They are also used by McAfee DLP Prevent and McAfee DLP Monitor to define rules.
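To illustrate why fragment signatures fire on a copied paragraph rather than on a single shared word, here is an added sketch; it is not McAfee's signature algorithm and not part of the original thread. The normalization, the SHA-256 hashing, the `MIN_WORDS` threshold, the sample text and the classification name are all assumptions made for the example.

```python
import hashlib
import re

MIN_WORDS = 8  # assumption: fragments shorter than this are too generic to register

# Constructed sample of a "registered" document (three paragraphs).
REGISTERED_DOC = (
    "Project Falcon design notes\n\n"
    "The turbine housing uses a titanium alloy shell with a ceramic inner "
    "lining rated for sustained operation at 900 degrees.\n\n"
    "Contact the program office for access."
)

def normalize(paragraph):
    """Lowercase, drop punctuation and collapse whitespace so reflowed copies match."""
    return " ".join(re.findall(r"[a-z0-9]+", paragraph.lower()))

def split_paragraphs(text):
    """Treat each block separated by a blank line as one fragment."""
    return [p for p in re.split(r"\n\s*\n", text) if p.strip()]

def signature(paragraph):
    """Return a hex digest for a paragraph, or None if it is too short."""
    norm = normalize(paragraph)
    if len(norm.split()) < MIN_WORDS:
        return None
    return hashlib.sha256(norm.encode("utf-8")).hexdigest()

def register_document(text, classification, store=None):
    """Pre-scan a document and record one signature per qualifying paragraph."""
    store = {} if store is None else store
    for para in split_paragraphs(text):
        sig = signature(para)
        if sig is not None:
            store[sig] = classification
    return store

def classify(content, store):
    """Return the classifications of every registered paragraph found in content."""
    hits = set()
    for para in split_paragraphs(content):
        sig = signature(para)
        if sig in store:
            hits.add(store[sig])
    return hits

if __name__ == "__main__":
    db = register_document(REGISTERED_DOC, "Engineering-Confidential")
    print(classify("The turbine team met to discuss the schedule for next quarter.", db))
    print(classify(split_paragraphs(REGISTERED_DOC)[1].upper(), db))
```

Because this sketch hashes whole paragraphs, a truncated copy of a registered paragraph does not match.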
I tried uploading a sample file in registered document. The upload was successful. I can see the document in the file list. But when I tried to create a package after that, it showed me the error "Error during package creation". Currently there is only one file in the file list. Why am I getting the error while creating the package? When I checked the audit log, it showed that copying files to the evidence folder failed and also a "Copying package for computer with XXXXXX (client configuration)" error. Is it failing due to this? Please help me.
Please check the errors in the ePO Audit Log:
This error may occur when invalid credentials are used when trying to complete the Manual RegDoc package creation.
Specifically, copying the .dat package to the \\server\\regDocs folder.
Please check the errors recorded in the ePO Audit Log. What is the error message shown in the audit log?
Also, please check the orion.log file for the errors being generated.
I am getting this error "Could not copy files to \\Server name\regDocs". Actually it is trying to copy files to two evidence folder locations. There are two evidence folder locations for two different client configuration policies. For one client configuration, the copy is successful to its respective evidence folder. But for the other, I am getting the copy error. Both evidence share locations use the same credentials for copying files. The two evidence folders are on two different servers.