azinnc
Level 8
Message 1 of 11

Is There a Way to Prevent Discovery from Escalating Devices?

I have the discovery portion of DLP set to report discoveries as "Info", but the devices are being reported as Escalated. I would like it to truly be info only and available to research in the DLP Incident Manager, but not escalate the devices. Is that possible?
10 Replies
jsubbura
McAfee Employee
Message 2 of 11

Re: Is There a Way to Prevent Discovery from Escalating Devices?

Hi @azinnc ,

Thank you for writing in here.

Can you attach some screenshots, which could help me in helping you?

And are you using Endpoint Discovery Scans or DLP Discover? And also, I could see that you are referring to Devices? I think screenshots would give more clarity here.

Thank you.

Regards,
Jithendran S
McAfee Employee
azinnc
Level 8
Message 3 of 11

Re: Is There a Way to Prevent Discovery from Escalating Devices?

We are using Endpoint Discovery.  Devices are all Windows 10 Pro workstations.  I have attached screenshots of the Protection Workspace area for a device, as well as the main part of the Endpoint Discovery rule.  The Reaction is set to "No Action", but to report the incident.

jsubbura
McAfee Employee
Message 4 of 11

Re: Is There a Way to Prevent Discovery from Escalating Devices?

Hi @azinnc ,

Quick question: are you using MVISION Cloud ePO and managing the DLP on the client machine using MVISION Cloud ePO?

Thank you.

Regards,
Jithendran S
McAfee Employee
azinnc
Level 8
Message 5 of 11

Re: Is There a Way to Prevent Discovery from Escalating Devices?

No, we are not using MVision Cloud ePO, but on-premise ePO.

jsubbura
McAfee Employee
Message 6 of 11

Re: Is There a Way to Prevent Discovery from Escalating Devices?

Hi @azinnc ,

Thank you for the update.

If it's on-prem ePO, may I know how you are navigating to this UI below?

1.png

Regards,
Jithendran S
McAfee Employee
jsubbura
McAfee Employee
Message 7 of 11

Re: Is There a Way to Prevent Discovery from Escalating Devices?

Hi @azinnc ,

I could see that you are seeing this in the Protection Workspace. By default, the Protection Workspace is designed to report the device as Escalated if more than 5 threats (threat events) are detected in 24 hours.

https://docs.mcafee.com/bundle/mvision-epolicy-orchestrator-product-guide/page/GUID-D65FDA12-765A-45...

Regards,
Jithendran S
McAfee Employee
azinnc
Level 8
Message 8 of 11

Re: Is There a Way to Prevent Discovery from Escalating Devices?

Thank you.  So back to my original question.  I have made Sensitive Data Discovery be rated as "Info".  How can I make "Info" incidents not cause the device to get escalated?

jsubbura
McAfee Employee
Message 9 of 11

Re: Is There a Way to Prevent Discovery from Escalating Devices?

Hi @azinnc ,

The device getting escalated is a feature available in Protection Workspace. As per the guide shared above, by default the Protection Workspace is designed to report the device as Escalated if more than 5 threats (threat events) are detected in 24 hours.

I am trying to check internally if this setting is customizable or not and would let you know if any.

Thank you.

Regards,
Jithendran S
McAfee Employee

Re: Is There a Way to Prevent Discovery from Escalating Devices?

f this setting is customizable or not and would let you know.  Did you find out if we can customize those settings? 
