cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jsubbura
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 11 of 20

Re: ePO 10 update 4 is not displaying incidents with URL destination when using Chrome in Standard M

Hi @JKBH1 ,

Thank you for the update. 

Regards,
Jithendran S
McAfee Employee
sati
Level 8
Report Inappropriate Content
Message 12 of 20

Re: ePO 10 update 4 is not displaying incidents with URL destination when using Chrome in Standard M

Did you happen to get any solution from support? even i also see similar problem where some incidents comes with no destination URL info even when loaded in standard mode.

i am having ePO 5.9.1 and DLP 11.4 extension

jsubbura
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 13 of 20

Re: ePO 10 update 4 is not displaying incidents with URL destination when using Chrome in Standard M

Hi @sati ,

Thank you for writing in here.

Do you see the DLP Endpoint Chrome Extension loaded on the Chrome Standard mode for the machine from where the Incident with no url was generated?

chromeextension.PNG

Thank you.

Regards,
Jithendran S
McAfee Employee
sati
Level 8
Report Inappropriate Content
Message 14 of 20

Re: ePO 10 update 4 is not displaying incidents with URL destination when using Chrome in Standard M

@jsubbura  hanks for responding.  Yes, the extension is loaded. In fact there are multiple incidents triggered on this machine around same time frame. most of them have URL information available except for 2-3 incidents.

jsubbura
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 15 of 20

Re: ePO 10 update 4 is not displaying incidents with URL destination when using Chrome in Standard M

HI @sati ,

Thank you for the update.

Could you help with a full page screenshot of these 2-3 Incidents with no URL information?

 

Thank you.

Regards,
Jithendran S
McAfee Employee
sati
Level 8
Report Inappropriate Content
Message 16 of 20

Re: ePO 10 update 4 is not displaying incidents with URL destination when using Chrome in Standard M

@jsubbura  Sure.. please find the attachments

jsubbura
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 17 of 20

Re: ePO 10 update 4 is not displaying incidents with URL destination when using Chrome in Standard M

Hi @sati ,

Thank you for the update, however we could see that DLP says that Chrome Incognito window is open when the file was actually uploaded on the Chrome Standard mode.

If by any chance chrome Incognito window is open when the Incident is generated DLP is unable to get the URL information.

Or when the user clicks on windows -> search with chrome and then open the New-Incognito window directly instead of chrome standard mode and then uploads the file, then chrome will not load any third party extensions in chrome and then you see the below additional info in the incident generated.

incognito.PNG

 

Thank you.

 

Regards,
Jithendran S
McAfee Employee
sati
Level 8
Report Inappropriate Content
Message 18 of 20

Re: ePO 10 update 4 is not displaying incidents with URL destination when using Chrome in Standard M

Hi @jsubbura  Thanks for the explanation. However couple of questions

1) how do you say incognito was enabled by looking at the screenshot of DLP incident. Is it because of the warning you see saying incognito is enabled. If yes, then it is not the case. we do see that warning for any DLP web post incident regardless if incognito mode is open or not

2)  I understand DLP extensions can not be loaded in to incognito. as per your statement if by any chance incognito window is opened when incident gets triggered DLP can not fetch URL info. so are you saying even if the incident gets triggered in standard mode DLP can not capture URL info if incognito window is open. My assumption was in standard mode as the extensions are loaded DLP shoud capture URL info. regardless if incognito window is open or not

jsubbura
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 19 of 20

Re: ePO 10 update 4 is not displaying incidents with URL destination when using Chrome in Standard M

Hi @sati ,

Thank you for the info.

As per my screenshot in my post earlier, I have triggered that Incident by having only Incognito window opened in chrome. 

So this matches with you screenshot below which was shared earlier,

Sample.PNG

So when only Incognito window is opened directly from the windows Start menu and a data loss is attempted, DLP would trigger an Incident for the same, however the additional information section will have the above message in the screenshot above.

 

When you have opened Incognito window and Standard mode together and uploading files to Standard mode, the URL information captured in the additional information section, will not be reliable, however a URL information will be captured.

 

addinfo.PNG

 

To avoid non-reliable URL information, as per the KB91503, we suggest to disable chrome Incognito as per the steps provided in this article, so that we do always get the correct URL information.

 

May be if there is a difference in the above statements which does not match your case, you can try to test with DLP 11.4 or DLP 11.5 once, or you can always open up a support case with us so that we can assist you in troubleshooting over the remote session.

 

Thank you.

Regards,
Jithendran S
McAfee Employee
JKBH1
Level 10
Report Inappropriate Content
Message 20 of 20

Re: ePO 10 update 4 is not displaying incidents with URL destination when using Chrome in Standard M

Yes, DLP 11.5 RTW is the fix for our environment.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community