I have a project requirement that means I have to encrypt a bunch of machines with EEPC 7.0.2 (FIPS mode). The machines in question will be 100% standalone/isolated with no connection to our internal ePO server. The project requirements state that these machines can never touch our network as long as they are being used for the secure project.
I have built an offline activation package which has been hit and miss, to say the least. When activation fails I see <message>[0xCF060005] Not enough entropy available</message> in MfeEpe.log. I receive this message when the McAfee agent is installed and when the MA isn't present. If I connect the machine to the corporate network and wake up the MA, the policy enforcement time changes from 5 minutes to 45 minutes and then the device encrypts.
Is there a way to change the default policy enforcement time in the MA when the endpoint isn't connected to ePO? I'm looking to edit this locally on a machine. My ePO policy is set to 45 minutes but the MA seems to default to 5 minutes when it can't communicate with ePO.
No. Because you are using FIPS mode it has to collect more entropy to satisfy the higher key generation requirements. If no one is using the machine, and there's no network, there are limited sources.
So if I wasn't running EEPC in FIPS mode I should be OK? If so, that might be the only option. Will have to see if the project requirements allow non-FIPS mode.