cancel
Showing results for 
Search instead for 
Did you mean: 

DLP device control logs

Hi folks,

 

Could someone please advise where can I find the DLP device control Incident logs. 

If they are in DB, what is the SQL statement to fetch them.

 

Thanks,

Gagandeep

 

8 Replies
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 2 of 9

Re: DLP device control logs

DLP incidents will be logged under DLP Incident manager (Menu->data protection->DLP incident manager). You can see the events here.

There  are many default DLP queries related to dlp incident. You can use them or can create new query from available 'Queries and reports'.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?please select Accept as Solution in my reply and together we can help other members?

Re: DLP device control logs

I'm looking to get the location of these events in form of Logs or SQL statement to fetch them if they are in a DB.
McAfee Employee DLP_RS
McAfee Employee
Report Inappropriate Content
Message 4 of 9

Re: DLP device control logs

Hi Gagan,

All types of DLP incidents are available for review under DLP Incident Manager. All you need is to refine the default settings for specific types of incidents. For example--

 

  1. In McAfee ePO, select DLP Incident Manager.
  2. From the Present drop-down list, select the option for your product.
  3. Perform any of these tasks.
    • To sort by column, click a column header.
    • To change columns to a custom view, from the View drop-down list, select a custom view.
    • To filter by time, from the Time drop-down list, select a time frame.
    • To apply a custom filter, from the Filter drop-down list, select a custom filter.
    • To group by attribute:
      1. From the Group By drop-down list, select an attribute.

        A list of available options appears. The list contains up to 250 of the most frequently occurring options.

      2. Select an option from the list. Incidents that match the selection are displayed.

 

Re: DLP device control logs

Hi DLP_RS,

Thanks for this information. I'm aware of it.

The reason why I'm looking to find the log location or SQL statement to fetch them is because, we are having issue with a particular brand of External HDD which is not getting detected by the Agent so that we can whitelist or allow in on the DLP Manager. We have also tried to get second External HDD of same brand and it was not detected by the DLP Device Control. I can see events being sent to the ePO but I do not see anything on the DLP manager.

So, this is why I wanted to find the location of logs and see what is the issue? Why that external HDD is not seen on the DLP Manager.
McAfee Employee DLP_RS
McAfee Employee
Report Inappropriate Content
Message 6 of 9

Re: DLP device control logs

Hi Gagan,

If I understand correctly, it is an issue in blocking an external HDD. I have few suggestions.

1. Make sure that you are using DLP 11Patch 1 latest update.

2. Also review the KB-

How to block a Seagate hard disk drive in Data Loss Prevention Endpoint
Technical Articles ID:   KB90900
 
If the issue still persists, please log a service request with McAfee Technical Support.
 

 

Re: DLP device control logs

Hi DLP_RS,

It is an issue when external HDD is not getting detected.

Thanks,
Gagandeep
McAfee Employee DLP_RS
McAfee Employee
Report Inappropriate Content
Message 8 of 9

Re: DLP device control logs

The client side DLP logs are located at-

C:\ProgramData\McAfee\DLP\Temp

Use DLP Diagnostic Tool will also help here.

Highlighted
McAfee Employee Mreaden
McAfee Employee
Report Inappropriate Content
Message 9 of 9

Re: DLP device control logs

ghunjan Report,

In EPO, you should be able to see the incidents in the Incident Manager. Go to Menu, under Data Protection column, select DLP Incident Manager. There you should see a list and a graphical representation of all incidents, including Device Control incidents. 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community