
event incident DLP

Hi

My problem is:

I created tags, and long afterwards deleted them and replaced them with other tags, but in the event incident I still see the first tags (phantom). These tags do not exist anymore. I removed the DLP extension and agent from the ePO master repository and then loaded the new extension and agent, and I have the same result.

Currently I have only one tag. Each time a rule with the new tag is detected, all the tags that should not be there appear.


KB69017 did not solve my problem.

I see all this in the DLP event monitor.



4 Replies

Re: event incident DLP

Well, the events are stored in the database, so the events will come back as they were created if you don't delete them from the database...

I would advise you to purge the events from the database.

Best regards,

Jose Maria


Re: event incident DLP

Hi

I deleted all events in the database before uninstalling the extensions.

Re: event incident DLP

Try looking in the registry for the machines reporting these events

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\DLP Manual Tagging

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\DLP Manual Tagging

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB95DD2C-8D74-4D48-80D4-681549F47188}

Could be hard-coded into the registry still or in the document properties... It appears the computers are not getting the new policy or can't delete it.

I would try deleting all the .opg files on the computer if that is the case.

Re: event incident DLP

Ensure that the incident reported shows the latest policy. If the machine did not receive the latest policy where the old tag was removed, it will still be reported back.
