cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ghunjan
ghunjan
Level 9
Report Inappropriate Content
Message 1 of 9
‎05-03-2019 06:46 AM

DLP device control logs

Hi folks,

 

Could someone please advise where can I find the DLP device control Incident logs. 

If they are in DB, what is the SQL statement to fetch them.

 

Thanks,

Gagandeep

 

0 Kudos
Reply
8 Replies
hem
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 2 of 9
‎05-03-2019 07:21 AM

Re: DLP device control logs

DLP incidents will be logged under DLP Incident manager (Menu->data protection->DLP incident manager). You can see the events here.

There  are many default DLP queries related to dlp incident. You can use them or can create new query from available 'Queries and reports'.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?please select Accept as Solution in my reply and together we can help other members?
0 Kudos
Reply
Highlighted
ghunjan
ghunjan
Level 9
Report Inappropriate Content
Message 3 of 9
‎05-03-2019 07:32 AM

Re: DLP device control logs

I'm looking to get the location of these events in form of Logs or SQL statement to fetch them if they are in a DB.
0 Kudos
Reply
DLP_RS
McAfee Employee DLP_RS
McAfee Employee
Report Inappropriate Content
Message 4 of 9
‎05-06-2019 05:18 AM

Re: DLP device control logs

Hi Gagan,

All types of DLP incidents are available for review under DLP Incident Manager. All you need is to refine the default settings for specific types of incidents. For example--

 

  1. In McAfee ePO, select DLP Incident Manager.
  2. From the Present drop-down list, select the option for your product.
  3. Perform any of these tasks.
    • To sort by column, click a column header.
    • To change columns to a custom view, from the View drop-down list, select a custom view.
    • To filter by time, from the Time drop-down list, select a time frame.
    • To apply a custom filter, from the Filter drop-down list, select a custom filter.
    • To group by attribute:
      1. From the Group By drop-down list, select an attribute.

        A list of available options appears. The list contains up to 250 of the most frequently occurring options.

      2. Select an option from the list. Incidents that match the selection are displayed.

 

0 Kudos
Reply
ghunjan
ghunjan
Level 9
Report Inappropriate Content
Message 5 of 9
‎05-06-2019 05:52 AM

Re: DLP device control logs

Hi DLP_RS,

Thanks for this information. I'm aware of it.

The reason why I'm looking to find the log location or SQL statement to fetch them is because, we are having issue with a particular brand of External HDD which is not getting detected by the Agent so that we can whitelist or allow in on the DLP Manager. We have also tried to get second External HDD of same brand and it was not detected by the DLP Device Control. I can see events being sent to the ePO but I do not see anything on the DLP manager.

So, this is why I wanted to find the location of logs and see what is the issue? Why that external HDD is not seen on the DLP Manager.
0 Kudos
Reply
DLP_RS
McAfee Employee DLP_RS
McAfee Employee
Report Inappropriate Content
Message 6 of 9
‎05-06-2019 06:01 AM

Re: DLP device control logs

Hi Gagan,

If I understand correctly, it is an issue in blocking an external HDD. I have few suggestions.

1. Make sure that you are using DLP 11Patch 1 latest update.

2. Also review the KB-

How to block a Seagate hard disk drive in Data Loss Prevention Endpoint
Technical Articles ID:   KB90900
 
If the issue still persists, please log a service request with McAfee Technical Support.
 

 

0 Kudos
Reply
ghunjan
ghunjan
Level 9
Report Inappropriate Content
Message 7 of 9
‎05-06-2019 06:07 AM

Re: DLP device control logs

Hi DLP_RS,

It is an issue when external HDD is not getting detected.

Thanks,
Gagandeep
0 Kudos
Reply
DLP_RS
McAfee Employee DLP_RS
McAfee Employee
Report Inappropriate Content
Message 8 of 9
‎05-06-2019 06:20 AM

Re: DLP device control logs

The client side DLP logs are located at-

C:\ProgramData\McAfee\DLP\Temp

Use DLP Diagnostic Tool will also help here.

0 Kudos
Reply
Mreaden
McAfee Employee Mreaden
McAfee Employee
Report Inappropriate Content
Message 9 of 9
‎05-06-2019 06:20 AM

Re: DLP device control logs

ghunjan Report,

In EPO, you should be able to see the incidents in the Incident Manager. Go to Menu, under Data Protection column, select DLP Incident Manager. There you should see a list and a graphical representation of all incidents, including Device Control incidents. 

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC