cancel
Showing results for 
Search instead for 
Did you mean: 

DLP Agent deployment

Hello each one of you!

I got a question regarding DLP!

What are the possible reasons why a policy isn't enforced on a computer even though the agent has been successfully deployed?

I just can't figure it out... been already 3 days i'm stuck on it...

Thanks for help!

Damien
3 Replies

RE: DLP Agent deployment

Did you check your assignment group? I mean you have to create one and assign policies as per the assignment group.

- A
Highlighted

RE: DLP Agent deployment

Damien,

There are a number of possible scenarios where policy won’t be enforced on an endpoint. I would suggest first confirming that the DLP Agent has initialized. To do this, on the endpoint having the issues validate that the following processes are running: fcags.exe, (fcagswd.exe if you’ve enabled the watchdog feature), fcag.exe, fcagte.exe, and fcagt.exe. If the DLP agent fails to initialize you will generally be missing the fcagte.exe and fcagt.exe processes.

There are a number of reasons why the processes can fail to initialize and you should make sure to not confuse delay associated with the first starting these services with the services not starting up at all. (Generally, give them 30 or so minutes as a window to start-up – I've seen it takes a while.)

The most common reason I’ve come across for the services failing to start-up on an endpoint is because the Profile Single Process policy (Domain security settings -> Local Policies -> User Rights Assignment) is enabled for the user at the time of the DLP installation. I believe it’s because something fails to register during installation, so simply logging into an account that does not have this permission set does not actually resolve the issue because it creates other issues.

Possible Actions in above scenario:

- Action 1 in a lab environment: Log into a local admin account (the policy likely not to be applied) and run the fcag.exe process manually. I’ve always seen the processes start-up, but doing this causes another effect wherein they register with another account and the fcag.exe process does not start-up by default when you reboot the computer and log in as another user.

- Workaround: Remove the profile single process from the account that ePO framework agent uses (guess) or the user account you’re installing the DLP services with. Uninstall the DLP agent and create a new task to reinstall. You’ll find it comes up if this was the issue.

Hope that’s a starting point.
gmbhxx
Level 7
Report Inappropriate Content
Message 4 of 4

thx...

good topic... just needed it...

led shoelaces
mens cologne
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community