cancel
Showing results for 
Search instead for 
Did you mean: 
cpcit
Level 9

DLPe 9.2 Evidence not available

Jump to solution

Hi, We are facing an issue with the evidence folder. The permissions and sharing has been done as per the Mcafee installation guide. I am able to access the UNC path from the client PC and can also manually copy a file to it. The DLP monitor shows the evidence file but when we try to access it from ePO it gives the error 'Evidence not available' and there is no file in the UNC path. I have read a few issues in this regard, I have already tried providing access to Domain Users rather than Domain Computers to the UNC folder but the result is the same. All machines are domain computers and all users have AD accounts. Also, in the DLP logs the client connection status shows as offline.

Please let me know if there is anything else that needs to be checked.

Thanks.

0 Kudos
1 Solution

Accepted Solutions
cpcit
Level 9

Re: DLPe 9.2 Evidence not available

Jump to solution

I've managed to resolve the issue. We had used a public IP address in the agent handler settings for the epo server. Once that was removed, internal machines show as online and the evidence is being copied to the UNC path. I am yet to check how it works from outside the network.

Thanks.

0 Kudos
9 Replies
keithdrone
Level 10

Re: DLPe 9.2 Evidence not available

Jump to solution

Is the account used to access EPO the same as the one used to access the evidence using UNC?  

0 Kudos
vimalnavis
Level 13

Re: DLPe 9.2 Evidence not available

Jump to solution

Assuming all the permissions are setup correctly, DLPe Agent does not tranfer the Evidence file to the share if the Agent Status is "Offline". Once the Agent status changes back to "Online", DLPe will automatically move the Evidence file to the share.

0 Kudos
cpcit
Level 9

Re: DLPe 9.2 Evidence not available

Jump to solution

No its not the same account.

How do I change the status to online?

0 Kudos
vimalnavis
Level 13

Re: DLPe 9.2 Evidence not available

Jump to solution

You cannot manually change the status. Once the machine connects to the corporate network the status will auto change.

0 Kudos
cpcit
Level 9

Re: DLPe 9.2 Evidence not available

Jump to solution

The machine is connected to the corporate network but still shows offline.

0 Kudos
rtrezza
Level 7

Re: DLPe 9.2 Evidence not available

Jump to solution

Can the client resolve the DNS name of the ePO server? Get the agent diag tool from

https://kc.mcafee.com/corporate/index?page=content&id=KB75040

and check the address/name of the ePO server and be sure that it can resolve that name. I've seen issues when a client PC has two NICs and the routing causes the DLP Agent to say "offline" while the McAfee Agent can still communicate with ePO.

0 Kudos
cpcit
Level 9

Re: DLPe 9.2 Evidence not available

Jump to solution

Thanks for the reply.

I used the agent diag tool. The agent online has red mark while agent login has a green against it. The machine can resolve the epo server name and ip. But still the same.

The machine and epo server are in different subnets. Does this affect the online status of the agent? If the machine is in the same subnet as the epo server the agent online is green.

Message was edited by: cpcit on 2/28/13 12:21:12 AM CST
0 Kudos
dtr
Level 7

Re: DLPe 9.2 Evidence not available

Jump to solution

Check if you can send a ping from EPO to the Client. Form me, this looks like a network problem. Was the client installed in the subnet in which is is now?

If client and EPO are in different subnets, you need a router inbetween.

Regards

Dennis

0 Kudos
cpcit
Level 9

Re: DLPe 9.2 Evidence not available

Jump to solution

I've managed to resolve the issue. We had used a public IP address in the agent handler settings for the epo server. Once that was removed, internal machines show as online and the evidence is being copied to the UNC path. I am yet to check how it works from outside the network.

Thanks.

0 Kudos