I have DLP 9.2 installed (epo4.6) and I believe that the DLP internet explorer plugin is affecting how one of our intranet sites loads. (in IE9).
Does anyone know where I can manage this (or make it so it is not installed to our users?)
I don't have any content classifications set within DLP (I only use it for removable media) so I don't need this installed.
Depending on how your policies are set up, you can check the following.
If you are not running that protection set, you can disable it from multiple avenues. The best being your Global Agent Configuration (either from your EPO policy tree filtered by DLP, or from within the EPO>DLP interface itself - one of these may override the other though depending on your policy setup).
Simply find the tab (usually Miscillanous) with available modules and de-select the Internet Explorer module.
Additionally, your application rules can be set to exclude browsers. You can also de-select which policy sets will apply to your user groups from within that area (user groups > click edit,> policies)
Thanks for replying. I do not have that option from my Global Agent Config > Misc tab. Only what is shown below.
If it is not there then that confuses me even more as to how it is being offered out to my users!
Looks like you are missing some handlers/extensions. Are you running at least Agent v4.5 ?
You may need to check within EPO that you have it properly installed.
Additionally, a new patch (9.2 Patch2) has been released for DLP 9.2, it appears to be a recommended update. Installing this may include some of the missing agent capabilities.
You should definately call support - and when you do, you'll probably need the Agent Diagnostics Tool, to verify which policies and rules are applied on your endpoints.
Are you accessing the global policy from your DLP interface, or from your EPO Policy Catalog (it has the same DLP agent configuration interface, but it can over-ride the settings on the DLP-interface)
I don't have this option either. Could this be a difference between full-blown DLP and Device Control? We're really only using Device Control and would like that component disabled as well.
The setting page looks like this. It is not global setting from ''DLP Policy", it is from "System Tree" -> "Assigned Policies", select the group the click the "Agent Configuration" policy name.
I am not sure why yours looks not like above, one clue is the tabs on your pic are less then mine. I tried to change some settings on my side, like "DLP Operation Mode", revelant thing in "Permission Sets", could not rebuild your result. I don't know if it is license related. You can check this by install a test server without real license added.Message was edited by: virgona on 4/28/13 4:57:55 PM CST
That is correct. DLP provides the options in virgona's screenshot, Device Control licensing provides the options in al12345's screenshot.
DLPE version 9.2.2 introduced an option to install with no plugins enabled. That should resolve any issue you have with disabling the module. From the release notes:
Installation without plug-ins
An optional Command line entry in the ePolicy Orchestrator client task, or the argument PLUGINS=0 in the
command line in manual installation, installs the McAfee DLP Endpoint client without plug-ins.