This is a DLP related question which can be answered by them. I will move this post to DLP forum for more visibility.
Was my reply helpful?
If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!
You can use a user account for evidence storage and evidence copy service, as long as the account has the proper permissions. See below excerpt from DLP 11.3 Installation Guide.
Enabling evidence storage is the default condition for McAfee DLP Endpoint. Creating an evidence storage folder and specifying the UNC path to the folder are requirements for applying a policy to McAfee ePO. The folder does not need to be on the same computer as the McAfee DLP Database server, but it is usually convenient to put it there. When more than one McAfee DLP product is installed in McAfee ePO the UNC paths for the evidence folders are synchronized.