UPDATE: I did a manual install of the DLP agent and the policy was applied. A workaround, but not a fix. It's not reasonable to deploy all of these manually.
Sorry for the delayed response as I am just now seeing this.
So we were finally able to get successful deployments but we now have 8 machines that still have this issue. All the others have successfully worked for a few months with the exact same configuration.
We did notice that the machines that are not working c:\programdata\mcafee\dlp folder there is just a Configuration.ogp and NOT the Global Policy.ogp that our working machines have. Also some of the logs have errors saying they could not find the .ogp. I tried to manually copy this over but that did not seem to change anything.
I have also uninstalled DLP and manually installed it from the client since others said this helped in their situation but did not appear to work for me. Any other ideas would be greatly appreciated.
Unfortuantely this is not an option for me yet as I have to get everything from a higher up group in the organization. Once it is an option it will defintely be the next thing I test.
I experienced a similar issue has well. Trying to upgrade DLP 10 to DLP 11.0.600 with Agent 551.388 installed on WIN10 1703's. The DLP deployment/upgrade via ePO bascially froze the computers. I had to manually shut them down because the sytesm was hosed, once up it shows DLP in the McTray, Agent wakeup and DLP is rollbacked.. Which it doesn't actually rollback, because DLP10 was removed during the install.
To make the long story short, installing the DLP Agent locally without ePO actually works to a certian extent. The systems still hose up but if you wait 15mins after it installs and reboot the computer, DLP 11 installs and you can open the DLP console and under installed programs & features DLP shows installed. I tried this with 11.0.600 and the latest 11.1 and it worked. Also DLP installs locally with 551.388 or 506.220. I'm going to monitor the 3 systems I have and see if DLP disappears/rollbacks from the machines before I continue to upgrade 5 more WIN10 1703's and 50 servers. The problem is this may only work locally. Meaning I will have to use a 3rd party tool to install DLP. For background HIPS & VSE 8.0.0 P11, Solidcore 22.214.171.1245 are also installed, but in disabled or observe mode during the DLP install deployment via ePO or DLP local installation.
I hope this doesn't happen on Windows server 2008R2 or 2012's with Agent 126.96.36.199. Unacceptable for a product to cause unnecessary troubleshooting to the point of you need to uninstall all McAfee products. or go through installing it locally via 3rd party.
If you ahve any insight or expeirenced this probleme please respond.
I would recommend logging a SR# with both McAfee Agent and Host DLP Team along with complete WebMER details for further investigation. The issue may not be related to local installation Or installation using ePO. Thanks.
The logs will be coming from a sensitive environment where I'm unable to gather logs and send over to Tech Support. Are there any steps are in place for an environment of this status?
I would like to share some suggestions.
1. Recommended configuration of MA is MA 5.6 latest HF and DLP v.11.2
2. Very rare chances that VSE Or any other point product is the cause. However ensure that you have exceptions inplace for DLP processes under VSE\ENS.
Is there an update to this issue? I have seen this occur if you Upgrade your Agent from 506.220 to 55.447 or 55.1.388 before you upgrade DLP 10 to DLP 11.1.0232. If you upgrade DLP first & reboot, then upgrade the Agent this issue with DLP reporting Agent up - no policy did not occur for me on Server 2008R2 & 2012R2. Or if you hav a new system & you install 188.8.131.528 on it and try to install DLP this occurs. What is McAfee doing to address this issue? I have not seen one mention of it under known DLP known issues.
I have two servers with this issue because I did not upgrade DLP 1st before upgrading my Agent to 551.338. Now I have to uninstall AGENT and/or DLP to try to get the DLP console to show up under Manage Features.
So far I was able to go to Agent 55.0.447 and the DLP console is displaying. Since this Agent version meets our requirements, I'm going to leave the Agent at that version due to the fact upgrading to 551.288 may put me back where I started. Spending a great amount of time on this & McAfee should provide KB article or at least aknowledge this is an issue.