Showing results for 
Show  only  | Search instead for 
Did you mean: 

Policy Assignment Rules - Not applying

Hello all,

My first post, and I am completely stumped.

I am running ePO 4.6.4 (Build: 202) and attempting to build a complex series of Policy Assignment Rule-sets to apply most of my more difficult policies to machines. I have 22 rules. The rules apply mostly to HIPS (8.0) but I also have rules in place for VSE for Linux (1.7) and Policy Auditor (6.1)

I cannot get the rule-sets to apply. During agent-server communication a rule refuses to apply (and according to what I can find in the product guide for 4.5 and 4.6, that is when it should occur.) I have done everything I can think of, including ensuring the tag works, the Agent-Server communication is up, the Products that a rule-set were applied to were installed on the System (in this case HIPS 8.0 has been installed via Client Task) and making sure that my policies can be manually applied to the system.

Here is an example of the issue:

Server Name: Server1

Tag applied: Server1 Object (Tag is assigned to all objects with a matching System Name and works correctly.)

System Location (in Tree): My Organization > SubFolder > Subfolder > Subfolder

Policy Assignment Rule Name: Apply Server1 Firewall Ruleset

Description: Applies the "Server1 Firewall Rule" to objects with the "Server1 Object" tag.

Type: System

System Criteria:

     /My Organization

     OR (Subfolder)

     OR (SubFolder > Subfolder)

     OR (SubFolder > Subfolder > Subfolder) (This is where the system is located in the tree)

Tag Criteria: Has Tag: Server1 Object

User Criteria: No user criteria selected

Assigned Policies: HIPS 8.0: Firewall > Firewall Rules (Windows) > Server1 Firewall Rule

For the life of me I cannot see why this (or any of my other) policies will not assign automatically. As this is a key part of my design (and must be fully re-producable by a non-experienced technician in the field, the whole reason I want to deal with the rules in the first place) I really need this to work as expected.

Can anyone tell me what I am missing here?

2 Replies

Re: Policy Assignment Rules - Not applying

Ok, so a day later I have finally bothered to replace the HIPS General "McAfee Default" policy with my normal HIPS UI policy. The important difference between the two is that my policy allows the UI to appear in the tray. I knew that the product had installed, but had not actually opened HIPS. Lo and behold, checking the HIPS Firewall policy as actually applied on the server shows that the correct Firewall policy is there, even if EPO does not really reflect that.

I have been relying on ePO to tell me what policies are assigned to my systems, assuming that when I select the server as listed in the policy above, and select Actions > Agent > Modify Policies on a Single System that I would see that the Policy Assignment Rule had changed the assigned policy. Not only that, but normally when you manually assign a single policy (exactly what the PAR is doing) you can see that inheritance has been broken in the Assigned Policies section of the System Tree.

The systems administrators that will be in charge of these servers will not be ePO Subject Matter Experts. What is the best way to have them verify that policies are being assigned? I cannot find a log or a way to verify that all of my PARs are working as intended, and it is too cumbersome to have them check every server. If it is it not easily checked, I am better off making them assign the policies manually so at least they can tell what the currently assigned policiy is in the System Tree.



McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: Policy Assignment Rules - Not applying

If you're using policy rules, then if you use Actions > Directory Management > View Assigned Policies instead of "Modify policies on a single system" it should give you what you're looking for.



You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community