cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
tonyb99
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 6

How to Trigger DLP agent updates/policy enforcement from command line

I'm using Host DLP 9.2.100.36 to manage USB managed by EPO 4.6.3 build 197 with McAfee Agent 4.6.0.2292

Are there any ways to force policy updates and trigger actions of the DLP agent via the command line or scripting?

We have a lot of agents reporting spurious agent statuses (Agent Up no policy/None) which don't actually apply on the machine, I have read the KB article that recommends running ASCI with

no user logged in and this has helped a bit but its very very slow really I would like to be able to just script something and get this done.

Any command line options for the DLP agent (either remote or locally executed would be nice)

Thanks

5 Replies
tonyw
Level 12
Report Inappropriate Content
Message 2 of 6

Re: How to Trigger DLP agent updates/policy enforcement from command line

There is no command line options for DLP enforcing policies.  These actions actually take place with the McAfee agent, however if you were planning on scripting a faster ASCI interval thru command line using cmdagent, why not just use the McAfee Agent policy in EPO to change the ASCI interval?  Or you could set a client task to issue a wake up call when the user logs in or for some other trigger.

Tristan
Level 15
Report Inappropriate Content
Message 3 of 6

Re: How to Trigger DLP agent updates/policy enforcement from command line

I know it's an old post but i stumbled across it when i was trying to fix a simliar DLP "Agent Up No Policy" issue on one of the laptops i manage.

Hopefully my resolution might help someone with a similar issue

Basically i created a new "fake" policy by duplicating my default DLP policy and changed a random value, like the evidence storage limit for example, and applied it to the laptop and forced a ASIC, enforced policies from the framework agent gui etc...

The change in policy forced a rewrite of the local laptops DLP policy and kicked it into action. It reported correctly to ePO I then simply set the policy back to the default in ePO.

Message was edited by: Tristan on 24/10/12 17:29:49 IST
cdobol
Level 10
Report Inappropriate Content
Message 4 of 6

Re: How to Trigger DLP agent updates/policy enforcement from command line

I am also seeing this issue in my environment.  9.2.100.36 installs, client reboots, then it is stuck with a status of  "Agent up - no policy".  I have tried the suggestion above by modifying the DLP policy and that seems to work.  It appears there is some sort of timestamp issue between the policy/agent.

I have opened a SR with McAfee regarding this.  If I get a better answer other than mkeep on modifying the policy I will post it here.

cdobol
Level 10
Report Inappropriate Content
Message 5 of 6

Re: How to Trigger DLP agent updates/policy enforcement from command line

Apparently this is a known bug that will be fixed with a patch due out in Q1 2013.

bperez
Level 10
Report Inappropriate Content
Message 6 of 6

Re: How to Trigger DLP agent updates/policy enforcement from command line

In my case i need to create the my default dlp 9.2.0.0 agent Conf policy again (does not exist in the catalog ) , in the system properties the policy is enforced and working, but in the query appear "agent up - no policy"

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community