tonyb99
Level 13

How to Trigger DLP agent updates/policy enforcement from command line

I'm using Host DLP 9.2.100.36 to manage USB managed by EPO 4.6.3 build 197 with McAfee Agent 4.6.0.2292

Are there any ways to force policy updates and trigger actions of the DLP agent via the command line or scripting?

We have a lot of agents reporting spurious agent statuses (Agent Up no policy/None) which don't actually apply on the machine. I have read the KB article that recommends running ASCI with no user logged in, and this has helped a bit, but it's very, very slow; really I would like to be able to just script something and get this done.

Any command line options for the DLP agent (either remote or locally executed would be nice)

Thanks

0 Kudos
5 Replies
tonyw
Level 12

Re: How to Trigger DLP agent updates/policy enforcement from command line

There are no command line options for DLP enforcing policies. These actions actually take place with the McAfee agent. However, if you were planning on scripting a faster ASCI interval through the command line using cmdagent, why not just use the McAfee Agent policy in EPO to change the ASCI interval? Or you could set a client task to issue a wake-up call when the user logs in or for some other trigger.

0 Kudos
Tristan
Level 15

Re: How to Trigger DLP agent updates/policy enforcement from command line

I know it's an old post but I stumbled across it when I was trying to fix a similar DLP "Agent Up No Policy" issue on one of the laptops I manage.

Hopefully my resolution might help someone with a similar issue.

Basically I created a new "fake" policy by duplicating my default DLP policy and changed a random value, like the evidence storage limit for example, and applied it to the laptop and forced an ASCI, enforced policies from the framework agent GUI, etc.

The change in policy forced a rewrite of the local laptop's DLP policy and kicked it into action. It reported correctly to ePO. I then simply set the policy back to the default in ePO.

Message was edited by: Tristan on 24/10/12 17:29:49 IST
0 Kudos
cdobol
Level 10

Re: How to Trigger DLP agent updates/policy enforcement from command line

I am also seeing this issue in my environment. 9.2.100.36 installs, client reboots, then it is stuck with a status of "Agent up - no policy". I have tried the suggestion above by modifying the DLP policy and that seems to work. It appears there is some sort of timestamp issue between the policy/agent.

I have opened an SR with McAfee regarding this. If I get a better answer other than keep on modifying the policy I will post it here.

0 Kudos
cdobol
Level 10

Re: How to Trigger DLP agent updates/policy enforcement from command line

Apparently this is a known bug that will be fixed with a patch due out in Q1 2013.

0 Kudos
bperez
Level 10

Re: How to Trigger DLP agent updates/policy enforcement from command line

In my case I need to create the my default dlp 9.2.0.0 agent Conf policy again (it does not exist in the catalog). In the system properties the policy is enforced and working, but in the query it appears as "agent up - no policy".

0 Kudos