cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
hatevessel
Level 9
Report Inappropriate Content
Message 1 of 4
‎12-22-2011 02:23 AM

Sending evidence files via EPO?

Jump to solution

Hi all,

Is it possible to configure DLP client to send evidence content via the EPO client, and not just by UNC path?  We are investigating replacing Symantec with McAfee, and this is something Symantec did quite happily.

Just so I'm explaining myself properly, alot of our laptops will not be on the domain, on a different domain, across hundreds of sites, or will be working remotely for the vast majority of the time, therefore having the client writing to a single UNC path will be usually impossible as none of the organisations servers will be contactable for a variety of reasons.

Currently we have it setup to write the evidence files locally to the machine, but still have it reporting back all events.  So we can see all the activity, we just won't have direct access to the files themselves.

Is there any way to configure this the way we want?  I've been searching through the documentation/help file and I can no longer see the wood for the trees, so to speak.

Thanks

0 Kudos
Reply
1 Solution

Accepted Solutions
georgec
Level 13
Report Inappropriate Content
Message 2 of 4
‎12-27-2011 11:30 AM

Re: Sending evidence files via EPO?

Jump to solution

What's the difference if the evidence replicates through the McAfee Agent or UNC? It's gonna end un on the epo server in both cases (most of the times, depening on where sql is stored). You can provide credentials for replication in case you have problems with machines from multiple domains.

Anyway, the evidence is stored until the machine has connectivity to transfer it. The parameters for storing the evidence are under the agent configuration (max total size, file max size, min free space in MB and %)

View solution in original post

0 Kudos
Reply
3 Replies
georgec
Level 13
Report Inappropriate Content
Message 2 of 4
‎12-27-2011 11:30 AM

Re: Sending evidence files via EPO?

Jump to solution

What's the difference if the evidence replicates through the McAfee Agent or UNC? It's gonna end un on the epo server in both cases (most of the times, depening on where sql is stored). You can provide credentials for replication in case you have problems with machines from multiple domains.

Anyway, the evidence is stored until the machine has connectivity to transfer it. The parameters for storing the evidence are under the agent configuration (max total size, file max size, min free space in MB and %)

View solution in original post

0 Kudos
Reply
hatevessel
Level 9
Report Inappropriate Content
Message 3 of 4
‎12-28-2011 01:07 AM

Re: Sending evidence files via EPO?

Jump to solution

Hi George,

Thanks for your response.  Unfortunately, some laptops will never be on our WAN (working completely remotely), so there will never be the opportunity for the machine to connect to the UNC path, hence wondering whether it could be forced out via the EPO client.  Not to worry though, I realise it's going to be a limitation of the way our network is setup at the moment.

Thanks for the other pointers though.  Makes sense

0 Kudos
Reply
georgec
Level 13
Report Inappropriate Content
Message 4 of 4
‎12-28-2011 02:25 AM

Re: Sending evidence files via EPO?

Jump to solution

Hi,

Alterinative: You can put an agent handler in DMZ that will allow you to get the events, but still won't get the evidence. You still get the event though.....

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC