We need to be able to validate the application of a host DLP policy without using the console for the remote client. Is there any way to do this? It appears that the policy files are encrypted on the node. We only have file share and command line access to certain nodes. Thank you!
You can utilize the DLP DiagTool on the client machine, which can be downloaded from the McAfee download site. However, you will need to generate a DLP release code using the ePO console, but this does not need to be done from the client machine itself.
For me, the easiest way is:
1. Go to System Tree - System (tab) - check the systems (that you want to check) and click the "Wake Up Agents" button. Do not forget to check "Force policy update".
2. See Menu - Automation - Server Task Log and make sure that the Status of your task is Completed.
The first two points are needed to update the information in ePO.
3. On System Tree click on your system (that you want to check), go to the Products tab, check Data Loss Prevention, see section DLP Policy-Policy Revision.
I did it using a Query in EPO:
1. Go to Queries & Reports -> New
2. Check for resulting Type and choose Others, there you select DLP Computer Properties -> next
3. Sort by Computer Name -> Next again
4. Here you select the columns. The default gives you all, so you need to filter the ones you need. The ones below are what I chose.
Computer Deployment Group Name
DLP Endpoint Status
DLP Plug-in Version
Policy Receive Time
Last ePO Communication
DLP Operation Mode
5. Set filters to the policies you need to check. In my case it was Computer Deployment Group Name and the selection menu gave me the ones I needed.
This was telling me if the policy was applied and also if there is a pending reboot.
On the managed endpoint (client for that matter), click on the McAfee icon in the system tray, select "Manage Features" then "DLP Endpoint Console".
It depends on your DLPe version, but in 9.3 Patch 3 a popup window will appear; select "About".
This will show the version of the DLPe running as well as the revision IDs for the Policy and Endpoint Configuration applied to the client (example below).
These should match the revision IDs on the DLPe console on ePO, or else your system's configuration is out of date.