cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to access DLP Discover evidence

I am having an issue accessing any evidence DLP discover evidence saved in our evidence share. When I click on the on the "match count" in DLP Incident manager I get an "access denied" error. My service account and my network account both have access to the evidence share. Is there some configuration for evidence viewing I might be missing? Or maybe some documentation I can read. I followed all the product guides and think I have it set up properly but obviously I must be missing something. Any help would be appreciated.
5 Replies
McAfee Employee Mreaden
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Unable to access DLP Discover evidence

User36925489,

Could you please verify that you have the EPO Server name added to the Computer Object  to Evidence Share location.

Also, as a test, you could give permissions to "Everyone" temporarily  and retry opening evidence. 

 

Thanks

Re: Unable to access DLP Discover evidence

Hi Mreaden,

 

Yes, ePO server is added with full permission. I just added "Everyone". Permissions are replicating now. I will report back once that is done. 

Re: Unable to access DLP Discover evidence

"Everyone" was given full control over the evidence share. Still unable to access. 

McAfee Employee Mreaden
McAfee Employee
Report Inappropriate Content
Message 5 of 6

Re: Unable to access DLP Discover evidence

Please take a look at below link. The issue is definitely a permission issue. 

The evidence may not be getting from the client to the evidence share. Below steps will help confirm if this is the case.  Follow steps listed under "Solutions" and "Notes"

 

https://kc.mcafee.com/corporate/index?page=content&id=KB81399&actp=null&viewlocale=en_US&showDraft=f...

Re: Unable to access DLP Discover evidence

I will take a look and try the suggestions now. But just wanted to add that I was under the impression that evidence is in fact being copied because I can see the .dlpenc files in the folders in the evidence share. There is about 22 GB of data in the folders. I also noticed that on endpoint discovery rules I am using, where I set the evidence to be stored, there is no link to the evidence in the Incident Manager. 

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community