cancel
Showing results for 
Search instead for 
Did you mean: 

Sending evidence files via EPO?

Jump to solution

Hi all,

Is it possible to configure DLP client to send evidence content via the EPO client, and not just by UNC path?  We are investigating replacing Symantec with McAfee, and this is something Symantec did quite happily.

Just so I'm explaining myself properly, alot of our laptops will not be on the domain, on a different domain, across hundreds of sites, or will be working remotely for the vast majority of the time, therefore having the client writing to a single UNC path will be usually impossible as none of the organisations servers will be contactable for a variety of reasons.

Currently we have it setup to write the evidence files locally to the machine, but still have it reporting back all events.  So we can see all the activity, we just won't have direct access to the files themselves.

Is there any way to configure this the way we want?  I've been searching through the documentation/help file and I can no longer see the wood for the trees, so to speak.

Thanks

1 Solution

Accepted Solutions
georgec
Level 13
Report Inappropriate Content
Message 2 of 4

Re: Sending evidence files via EPO?

Jump to solution

What's the difference if the evidence replicates through the McAfee Agent or UNC? It's gonna end un on the epo server in both cases (most of the times, depening on where sql is stored). You can provide credentials for replication in case you have problems with machines from multiple domains.

Anyway, the evidence is stored until the machine has connectivity to transfer it. The parameters for storing the evidence are under the agent configuration (max total size, file max size, min free space in MB and %)

View solution in original post

3 Replies
georgec
Level 13
Report Inappropriate Content
Message 2 of 4

Re: Sending evidence files via EPO?

Jump to solution

What's the difference if the evidence replicates through the McAfee Agent or UNC? It's gonna end un on the epo server in both cases (most of the times, depening on where sql is stored). You can provide credentials for replication in case you have problems with machines from multiple domains.

Anyway, the evidence is stored until the machine has connectivity to transfer it. The parameters for storing the evidence are under the agent configuration (max total size, file max size, min free space in MB and %)

View solution in original post

Re: Sending evidence files via EPO?

Jump to solution

Hi George,

Thanks for your response.  Unfortunately, some laptops will never be on our WAN (working completely remotely), so there will never be the opportunity for the machine to connect to the UNC path, hence wondering whether it could be forced out via the EPO client.  Not to worry though, I realise it's going to be a limitation of the way our network is setup at the moment.

Thanks for the other pointers though.  Makes sense

georgec
Level 13
Report Inappropriate Content
Message 4 of 4

Re: Sending evidence files via EPO?

Jump to solution

Hi,

Alterinative: You can put an agent handler in DMZ that will allow you to get the events, but still won't get the evidence. You still get the event though.....

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community