cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
sohailgustasab
sohailgustasab
Level 7
Report Inappropriate Content
Message 1 of 19
‎11-12-2014 04:37 AM

DLP Diagnostics

Hi everyone,

I'm trying to figure out why one of my test WinXP pc won't download or apply my DLP policies.

It installs the DLP agent but it doesn't actually block any USB flash drives

.

I have tested these policies on a different pair of machines both in WinXP and Win7 and they work.

I'm using DLP 9.3 and my diagnostic tool is of the same version.

in light of this issue i downloaded the DLP diagnostic tool.

When i run the tool on my test Pc i have to generate a validation code but this fails on my EPO server.

see screenshot.

DLP bypass client key.JPG

Do you guys have any suggestions on how i can check what policies are downloaded to my test pc or how i can fix the bypass client key validation code.

or how i can figure out why the policies have not downloaded to my test pc.

Thanks

Sohail

0 Kudos
Reply
18 Replies
llamamecomoquie
llamamecomoquie
Level 13
Report Inappropriate Content
Message 2 of 19
‎11-12-2014 05:31 AM

Re: DLP Diagnostics

Hi Sohailgustasab,

2 diferent things

For the error generating the key, normally the key is longer than that, can you please verify that the user key that ip pop up on the screen when running the diagnòstic tool is correct?

For the policy issue, have you restarted the Machine after HDP has been installed?

Best regards,

Jose Maria

0 Kudos
Reply
sohailgustasab
sohailgustasab
Level 7
Report Inappropriate Content
Message 3 of 19
‎11-12-2014 05:40 AM

Re: DLP Diagnostics

Hi again Jose,

I've restarted the PC many times since installing the DLP agent.

Here's the ID code from the diagnostic tool.

DLP bypass client key 01.JPG

Regards

Sohail

0 Kudos
Reply
llamamecomoquie
llamamecomoquie
Level 13
Report Inappropriate Content
Message 4 of 19
‎11-12-2014 05:47 AM

Re: DLP Diagnostics

Which McAfee Agent do you have in the Machine? What's happens if you modify a policy for VSE? Does the Machine get the change for VSE?

Best regards,

Jose Maria

0 Kudos
Reply
sohailgustasab
sohailgustasab
Level 7
Report Inappropriate Content
Message 5 of 19
‎11-12-2014 06:14 AM

Re: DLP Diagnostics

McAfee agent 4.8.0.887

DLP Endpoint 9.3.300.31

not tried modifying VSE

0 Kudos
Reply
llamamecomoquie
llamamecomoquie
Level 13
Report Inappropriate Content
Message 6 of 19
‎11-12-2014 06:17 AM

Re: DLP Diagnostics

It would be nice to test a change for a diferent product to make sure is only HDLP or something else...

Best regards,

Jose Maria

0 Kudos
Reply
sohailgustasab
sohailgustasab
Level 7
Report Inappropriate Content
Message 7 of 19
‎11-12-2014 06:19 AM

Re: DLP Diagnostics

Okay.

any suggestions on what to change.

If you don't then i will try to figure out a change and post back results.

0 Kudos
Reply
sohailgustasab
sohailgustasab
Level 7
Report Inappropriate Content
Message 8 of 19
‎11-12-2014 07:14 AM

Re: DLP Diagnostics


hi Jose,

i created a new access protection rule which blocks and reports if a file called sohail-test-file is created.

DLP bypass client key 02.JPG

I then did a check new policies and also a collect and send props from the PC.

it downloaded the policy and when i test it by creating the file with that name it blocked it.

If i change the filename to anything else it allowed me to create the file.

access protection log also states that file was blocked

11/12/2014 2:50:36 PM Blocked by Access Protection rule  UR4804W001\Administrator C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Administrator\Desktop\sohail-test-file User-defined Rules:New file being creates - Sohail Action blocked : Create

11/12/2014 3:05:26 PM Blocked by Access Protection rule  UR4804W001\Administrator C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Administrator\Desktop\sohail-test-file User-defined Rules:New file being creates - Sohail Action blocked : Create

so this proves that VSE policy changes are taking effect on my test PC.

0 Kudos
Reply
sohailgustasab
sohailgustasab
Level 7
Report Inappropriate Content
Message 9 of 19
‎11-12-2014 07:24 AM

Re: DLP Diagnostics

Jose,

i just noticed something which i'm wondering might be the issue.

if i go to th policy catalogue

and pick product : DLP  and category : computer assignment group........there are no rules assigned.

DLP bypass client key 03.JPG

If i click on assignments then it shows my test machine .

DLP bypass client key 04.JPG

So....how do i assign policies to it..

0 Kudos
Reply
Highlighted
sohailgustasab
sohailgustasab
Level 7
Report Inappropriate Content
Message 10 of 19
‎11-12-2014 07:41 AM

Re: DLP Diagnostics


I also noticed that policy inheritence was brocken so i've reset that

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC