cancel
Showing results for 
Search instead for 
Did you mean: 

DLP Override Keys (Bypass duration)

Jump to solution
 

Hi,

I gave the user or client a temporary access for his usb thru DLP Override Key with the duration of 30 days, it was successful the user could use his usb but after few minutes it was blocked again. Ive noticed that the bypass confirmation on the clients pc was " The release code functionality is blocked until Dec.9,2019 at 09:04" it supposed to be Jan 9 2020 bec. Ive just gave him a bypass today.

 

EPO_sql017_DLP_RameshNotOkay01.png

1 Solution

Accepted Solutions
McAfee Employee jsubbura
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: DLP Override Keys (Bypass duration)

Jump to solution

Hi @Eric357 ,

Thank you for writing in here. 

As per the issue description and the screenshot attached, from my experience I could explain you the scenario as of what happened in here.

 

1) User has requested for DLP bypass to use his USB, by submitting the Identification code

2) And you have generated the DLP Bypass release code by setting the bypass duration to 30 days

3) The user entered the DLP Bypass release code in the DLP Endpoint console and now the Bypass started

4) During the Bypass DLP would not block the devices, however DLP would monitor the files or devices which are being transmitted or connected to the machine and DLP would generate User Notifications for the same as per the rules configured.

5) User would have thought that the DLP is not bypassed still and would have opened the DLP Endpoint console -> Tasks section and would have clicked on Generate Code again. Once the user clicks on the Generate Code, DLP would leave from the Bypass mode, irrespective of the duration set for bypass. 

6) And again now user would have tried entering the release code which you had earlier shared with him in step 2. He might have entered it 2 or thrice. But DLP will not accept the previously generated release code. A release code is unique with respect to the identification code shown in the DLP Endpoint console.

7) As per the windows client configuration, by default if the release code is entered incorrectly once or thrice DLP will lockout or block the release code functionality and will show the message "The release code functionality is blocked until xxxxxxx

😎 The maximum lockout time is 60 minutes and the minimum is 5 minutes.

 

Please check the below screenshots, you can check the windows client configuration policy assigned to this user machine and check what is the number of attempts and lockout time. 

 

lockout.PNG

You can even check the DLP Operations Menu under EPO Menus for the Operational event which shows when the DLP Endpoint console got locked out,

operationalevent.PNG

eventinfo.PNG

 

Hope this answers why you are seeing the screenshot mentioned in your post. 

As a next action plan, you would need to wait until the lockout timeout and then you would need to generate the client bypass release code again. This time kindly advise the user not to click on the Generate Code under the DLP Endpoint console after bypass.

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thank you

Regards,
Jithendran S
McAfee Employee

View solution in original post

2 Replies

Re: DLP Override Keys (Bypass duration)

Jump to solution

pls help anyone??

McAfee Employee jsubbura
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: DLP Override Keys (Bypass duration)

Jump to solution

Hi @Eric357 ,

Thank you for writing in here. 

As per the issue description and the screenshot attached, from my experience I could explain you the scenario as of what happened in here.

 

1) User has requested for DLP bypass to use his USB, by submitting the Identification code

2) And you have generated the DLP Bypass release code by setting the bypass duration to 30 days

3) The user entered the DLP Bypass release code in the DLP Endpoint console and now the Bypass started

4) During the Bypass DLP would not block the devices, however DLP would monitor the files or devices which are being transmitted or connected to the machine and DLP would generate User Notifications for the same as per the rules configured.

5) User would have thought that the DLP is not bypassed still and would have opened the DLP Endpoint console -> Tasks section and would have clicked on Generate Code again. Once the user clicks on the Generate Code, DLP would leave from the Bypass mode, irrespective of the duration set for bypass. 

6) And again now user would have tried entering the release code which you had earlier shared with him in step 2. He might have entered it 2 or thrice. But DLP will not accept the previously generated release code. A release code is unique with respect to the identification code shown in the DLP Endpoint console.

7) As per the windows client configuration, by default if the release code is entered incorrectly once or thrice DLP will lockout or block the release code functionality and will show the message "The release code functionality is blocked until xxxxxxx

😎 The maximum lockout time is 60 minutes and the minimum is 5 minutes.

 

Please check the below screenshots, you can check the windows client configuration policy assigned to this user machine and check what is the number of attempts and lockout time. 

 

lockout.PNG

You can even check the DLP Operations Menu under EPO Menus for the Operational event which shows when the DLP Endpoint console got locked out,

operationalevent.PNG

eventinfo.PNG

 

Hope this answers why you are seeing the screenshot mentioned in your post. 

As a next action plan, you would need to wait until the lockout timeout and then you would need to generate the client bypass release code again. This time kindly advise the user not to click on the Generate Code under the DLP Endpoint console after bypass.

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thank you

Regards,
Jithendran S
McAfee Employee

View solution in original post

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community