cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ISmith
Level 10
Report Inappropriate Content
Message 1 of 5

ePO Service account showing up in firewall logs

Hello, I need to figure why this is happening and whether or not I can work around it.

Running ePO 5.10.0.2428 update 3 and various DLP 11.4/11.5.

It appears that when a user is surfing the web with the DLP agent installed, the web traffic is (sometimes) impersonates that user so that the firewall log itself correlated to the ePO service account instead of the user's own domain account.

 

I am seeing this for external web browsing, internal LDAP, kerberos, DNS, and all sorts of traffic.

4 Replies
tucker84
Level 10
Report Inappropriate Content
Message 2 of 5

Re: ePO Service account showing up in firewall logs

Do you have any other McAfee products besides DLP and McAfee Agent installed? Is your ePO Cloud or on Prem?

ISmith
Level 10
Report Inappropriate Content
Message 3 of 5

Re: ePO Service account showing up in firewall logs

OnPrem, ePO + DLP + FRP. that's it.

Corey-DLP
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: ePO Service account showing up in firewall logs

Is your ePO Service account being used for evidence replication in your DLP policies?

ISmith
Level 10
Report Inappropriate Content
Message 5 of 5

Re: ePO Service account showing up in firewall logs

Yes it is, and I can see it would be related to the local resource needed to connect to the share (kerberos, dns) But not sure why it would be associated with external 443 traffic.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community