I've configured the evidence folder according to the guide. I added Domain users computer with special permission.
I can open the evidence$ folder and put any file to that folder from the client computer. But unfortunately, when I tried to open the evidence from DLP Monitor, the evidence was not there. The error saya that "evidence is not avaibale". I checked the evidence folder, and there is no file in there.
Anyone has any idea why the evidence is not there?
And one more thing why is the connection state says that it offline? in fact my client was online.
The DLP Agent gets to know about being online/offline if it can/cannot connect to its Windows Domain
Controller (Which contains the Active directory).The Agent configuration settings has the "Refresh online
Status interval" set to 30 sec.If the Agent machine is not able to contact the DC for more than 30 seconds,
the machine is recognized as Offline by DLP.
Please ensure your Agent machine is able to connect to the DC for online events.
yes, the client is wihtin the domain. it can contact the domain controller (contain Active Directory and DNS) with no problem.
I can ping the ePO server by using hostname without any problem. and the McAfee agent monitor shows no error while communicating with the ePO server. is there any other issue that might cause this?
Try to define default gateway on client PC (192.168.10.10 for example). I am think this may help.
And use latest DLP agent version (126.96.36.199) In this build resolve some issues with agent CPU utilization.
actually i was not thinking by adding the default gateway might solve the problem becuase from the network point of view, these server and client reside in the same segment, thus doesnt need gateway to be specified. And as I said earlier, communication between server and client has no problem (able to ping either using IP or hostname, no update problem).
But unfortunately, after I added the server IP address as a gateway, evidence file from client site replicated to the server and now the connection state is "online" and the evidence is available from the DLP Monitor.
Does anyone has further explanation with this.? why do we have to speficy the default gateway eventhough the server and client reside in the same segment.?
anyway, many thanks for the help.