cancel
Showing results for 
Search instead for 
Did you mean: 

Why we cannot get evidences from Offline machines(Travel Laptops) to ePO server

Hello all,

I am not getting evidences from traveled laptop to our ePO

Hope for a possitive response

Regards,

Mrugesh

6 Replies

Re: Why we cannot get evidences from Offline machines(Travel Laptops) to ePO server

I presume you mean that the travel laptops are not checking in with ePO and reporting status.

Setup an Agent Handler in your DMZ.   Check the ePO documentation on Agent Handlers is has good directions.

Works very well

Herb Smith

Re: Why we cannot get evidences from Offline machines(Travel Laptops) to ePO server

Thanks Herb Will definately try the same.

till then i would like to precize my problem more for our future discussons

There are 2 cases where in i am facing issues,

1 The laptops when connected on internal network after travel (say from 01-03-2012 to 29-03-2012) gives the logs of those 30 days but not the evidences (for eg. we get the path or which file it is but not the content of that file) as we get from online machines.

2  Few Users are beseated in Overseas like RSM's or Sales Managers who never get connected to our network we have VPN services through which we can enable the systems to sent the events from outside networks to our ePO server but the same issue that we not able to get the evidences.

Re: Why we cannot get evidences from Offline machines(Travel Laptops) to ePO server

Are you trying to pull the logs on the local machine back to the server.  The logs in  ........\commonframework\.   Why?    ePO will monitory the status for you.  It can be configured to send you alerts when bad things happen.   Do your management from ePO.

Herb

georgec
Level 13
Report Inappropriate Content
Message 5 of 7

Re: Why we cannot get evidences from Offline machines(Travel Laptops) to ePO server

BTW, is evidence being created for internal users?

Re: Why we cannot get evidences from Offline machines(Travel Laptops) to ePO server

Yes George

Thanks for the reply

our Endpoint is working absolutely fine for internal users only concern is about our external User who are never connected to our internal network and those who are on travels whose laptops are handed over to IT/us after the travel

so as far now evidences from travel laptops are ok for us only concern is for overseas users.

Well try to setup thru dmz and let's see if we can get the evidences as well for overseas employees

georgec
Level 13
Report Inappropriate Content
Message 7 of 7

Re: Why we cannot get evidences from Offline machines(Travel Laptops) to ePO server

There are 2 things that generated when users actions are blocked:

- evidence . It's replicated to the server through CIFS and it needs separate port configured. Also, if they are in the internet and the server is in DMS, they probably cant write to the internal network location for evidence replication if the path is something like \\server.domain.local\evidence$ because (1) nobody will resolve that hostname and (2) it's probably an internal ip.

- events . Sent to the server through normal agent sync. easy to set up in dmz.

PS: Check in DLP policy under agent configuration for Evidence retention settings. Default it delets the evidence after 20 days if it's not replicated to the evidence share.

George

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community