Is anybody using a RegKey as part of their McAfee Endpoint Security FW Location Aware Group setup and can elaborate on how and what they use it for?
I have a hard time to come up with how one would use it?
How do you set the RegKey and what is the deciding factor that you do?
Do you remove the RegKey once a condition is not met anymore or ist it only set once and never changed?
Hope some of you can provide me with an inspiration.
10/25/2017 11:43:18 mfefw(1636.2804) SYSTEM blframework.FIREWALL.Activity: Number of currently matching locations: 1Name: Inside Network
Number of criterias: 6
Default Gateway: 10.160.1.1
Default Gateway: 10.160.0.1
DNS Server: 10.160.0.1
DNS Server: 18.104.22.168
Domain Reachability: mcafee.com
Domain Reachability: use.cloudshare.comhttps://kc.mcafee.com/corporate/index?page=content&id=KB89987&elqTrackId=594630A526388295FFF3FA20972...Seems to me you would use this when you want to determine if your machine is on the local network or away example on vpn vs off
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
no since I was not looking for information on how to check if a LAG Condition is met, I am looking for an example on how someone is using a REGKEY as part of their LAG Setup and how they check that the condition that sets the REGKEY is met and how they change or remove the REGKEY if the condition that they check is no longer true.
I guess it would have to happen externally but what application people have found to use this fueature is what interests me.
The only thing I came up with is the isolate a client if a virus is found and not removed, I could set the RegKey as part if that Process and force a client to use a LAG that only allows connection to the ePO and cuts it of from all other traffic.
@oliver_m Registry entries used in Location Aware Groups (LAG) will widely vary depending how what exactly you want to monitor for. The most common use that I've seen is for applications (usually a VPN client) that changes a reg value when active (e.g., where some "status" value equals some "1" or "enable" value, or some other type of value that shows connectivity is established). There are no recommendations here though. You would have to determine if there is a use for this type of registry check, what exact registry item to check for, and what the registry value would be to determine if the LAG is "matched".
Others will have to provide their examples of how they use this feature in their environments.