cancel
Showing results for 
Search instead for 
Did you mean: 

Is there a way to validate the DLP policy applied on the host without console access?

We need to be able to validate the application of a host DLP policy without using the console for the remote client.  Is there any way to do this?  It appears that the policy files are encrypted on the node.  We only have file share and command line access to certain nodes.  Thank you!

5 Replies
Highlighted
McAfee Employee jhall2
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Is there a way to validate the DLP policy applied on the host without console access?

You can utilize the DLP DiagTool on the client machine which can be download from the McAfee download site. However, you will need to generate a DLP release code using ePO console but this does not need to be done from the client machine itself.

palex
Level 11
Report Inappropriate Content
Message 3 of 6

Re: Is there a way to validate the DLP policy applied on the host without console access?

Hi, ron.sokol!

For me, the easiest way is:

1. Go to System Tree - System (tab) - check systems (what you whant to check) and click "Wake Up Agents" button. Do not forgen check "Force policy update".

2. See Menu - Automation - Server Task Log  make sure that the Status of you task is Completed.

The first two points are needed to update the information in epo.

3. On System Tree click on you system (what you whant to check), go to Products tab, check Data Loss Prevention, see section DLP Policy-Policy Revision.


Regards.

ahamm
Level 9
Report Inappropriate Content
Message 4 of 6

Re: Is there a way to validate the DLP policy applied on the host without console access?

I did it using a Query in EPO:

1. Go to Queries & Reports -> New

2. Check for resulting Type and choose Others, there you select DLP Computer Properties -> next

3. Sort by Computer Name -> Next again

4. Here you select the columns, the default give you all so you need to filter the ones you need. The ones below are what I did choose.

Computer Name

Computer Deployment Group Name

DLP Endpoint Status

DLP Plug-in Version

Policy Receive Time

Last ePO Communication

DLP Operation Mode

5. Set filters to the policy's you need to check. In my case it was Computer Deployment Group Name and the selection menu gave me the ones I needed.


this was telling me if the policy was applied and also if there is a pending reboot.


Regards

odedb
Level 9
Report Inappropriate Content
Message 5 of 6

Re: Is there a way to validate the DLP policy applied on the host without console access?

On the managed endpoint (client for that matter), click on the McAfee icon in the system tray, select "Manage Features" then "DLP Endpoint Console".

Depends on your DLPe version, but in 9.3 Patch 3 a popup window will appear, select "About".

This will show the version of the DLPe running as well as the revisions ID for the Policy and Endpoint Configuration applied to the client (example below)DLPe_About.PNG

These should match the revisions ID on the DLPe console on ePO or else your system's configuration is out of date.

Re: Is there a way to validate the DLP policy applied on the host without console access?

Thanks, you all, great info! -R

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community