I have seen a strange issue during DLP endpoint upgrade from 9.3.100 to 9.3.300. In fact everyone goes fine except because of the fact that computers won't report any DLP event until they have been rebooting.
- before upgrading I trigger any email rule from the endpoint and then force sending events through McAfee Agent -> OK
- after upgrading (and not yet rebooted) I trigger any email rule from the endpoint and then force sending events through McAfee Agent -> No events are sent
- after upgrading and rebooting I trigger any email rule from the endpoint and then force sending events through McAfee Agent -> OK but all events between upgradind and rebooting computers don't appear anywhere.
Is this a normal behaviour or am I missing something?
Thanks for the answer ,I know that a reboot is sometimes needed after installing or upgrading a McAfee product but the problem is that we cannot force a reboot after upgrading and we are loosing all DLP events until coputers have rebooted. If DLP agent stored events and after rebooting sent them to ePO it would be almost fine but these events have been lost forever and there will always be a gap between upgrade and reboot.
Anyway, if this is as designed there's nothing more that can be done, that's for sure.
Just another question: as we are only logging activity and evidences (not blocking at this moment so we cannot check wether the rules are applying or not)) would the DLP policies apply to computers between upgrading and rebooting the computers?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.