I'm trying to make Encrypt on Demand work, which is technically an HDLP function, but I'm posting in EEM because it appears I'm missing the EEM encryption key...
Here's a quote from DLP v9 Product Guide for EPO 4.5 (the red text is the key)
Encrypt on demand
File system protection, removable storage protection, and discovery rules have an option to encrypt on demand. This means that in addition to the usual actions of Block, Monitor, and so forth, the option Encrypt is present on the rule wizard actions page. To use this option, McAfee Endpoint Encryption must also be installed, and you must define an encryption key in McAfee Host Data Loss Prevention with a name that matches a defined key in McAfee Endpoint Encryption. If these conditions are not met, the action defaults to Block.
So, how do I determine where this encryption key is for EEM? I'm using EEPC 6.0.1, and there does not appear to be any facility to export or reveal an encryption key name to specify in the HDLP encryption RM and Encryption section.
I did open up an MMC, load up two Certificates Addons (one for computer acct and one for WCF Service Account). I then searched for any cert with keyword McAfee in it, and I found these three keys.
Are any of these the keys generated by EEM at the time of installation?
Self-Update - I found this thread and it's confirming my concern... EEPC does not support Encrypt on Demand for HDLP.
If I'm interpreting this thread correctly, then I won't get encrypt on demand unless I do one of two things...
Downgrade EEPC v6 to EEM for PC v5.2.4 with EEFF v3.2.5
I wait for the EEFF v4 (which incorporates EPO support) to be released, so I can keep all the management interfaces inside of EPO.
I guess it's time to talk to the rep.
I wondered about this, but I read in the EEFF quick start guide (pages 5-6) that the EEM is a requirement.
Sequence of Events
The installation and setup of Endpoint Encryption is order-dependent and must be done in the following sequence:
1. Install the Endpoint Encryption Manager.
2. Create the Object Database.
3. Create the Endpoint Encryption Communication Server application.
4. Add users to the system.
5. Create encryption keys.
6. Assign users and security administrators to encryption keys.
7. Create encryption policies.
8. Assign policies to users.
9. Create an Endpoint Encryption for Files and Folders installation set.
10. Install Endpoint Encryption for Files and Folders on a client machine.
11. Further Activities – Encrypting Folders and File Types.
12. Removing Endpoint Encryption for Files and Folders and Endpoint Encryption
So, how can I install EEFF v3.2.5 without the EEM 5.2.4 (or at least have it to where I'm using EEPC v6.0.1 in EPO 4.5 P2 and EEFF)? I'm assuming a hybrid configuration would require EEM to only manage EEFF and EPO to manage EEPC... thus causing the dual logins, is this correct?
Message was edited by: BionicSecurityEngineer on 6/11/10 9:05:01 AM CDT
Yes - you can use EEM to manage EEFF, EEPC, or both. You don't need EEPC5 to use EEFF3.
You'll end up with EPO for EEPC6 and HDLP, and EEM for EEFF3 though.
Wow! Lots of acronyms!