HDLP 3.0 has 3 possible agent status values: passive, broken and active.
The HDLP agent status will show as passive if:
- The machine is logged-off
- The machine is powered-off
- The agent is up but without any policy
- The agent has been installed but a reboot has not occurred
- The agent has been installed and a reboot has occurred but nobody has logged onto the client.
When the machine is logged-off (i.e. in passive mode), the agent service will receive the new policy, but the policy will not be applied until login. To confirm that the HDLP policy is applied on a specific machine, check the “Policy version” field in the DLP properties in ePO.
The HDLP agent status will show as broken if there is an issue during the HDLP agent install and the self-remediation mechanism tries to reinstall the HDLP agent drivers and fails.
The HDLP agent status is active when all of the following conditions are met:
- A user is logged-in
- The agent process (FCAG.EXE) is running
- The policy is applied.
After thorough investigation of the machine's behavior, I found a registry key for the HDLP3 agent that defines its operating status.
You cannot change the value of the key; delete the key, then restart the machine.
On reboot the key is recreated and changed from Passive (0) to Active (1).
Key: [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DLP\Agent\Properties\Agent]
Delete this entry "Active" = "0"
All OK now.
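
A read-only way to collect the local signals described above (logged-on user, the FCAG.EXE process, and the "Active" registry value) before touching anything. This is an added example, not part of the original post or a McAfee tool; the function name and output field names are assumptions, and the registry path and value name are the ones given above.

```powershell
# Added example: read-only check of the local signals this page names.
# The registry path and the "Active" value come from the page; the function
# name and the output field names are assumptions made for illustration.
function Get-HdlpLocalStatus {
    $keyPath = 'HKLM:\SOFTWARE\McAfee\DLP\Agent\Properties\Agent'

    # "Active" value: per the page, 0 = passive, 1 = active. $null if absent.
    $active = $null
    if (Test-Path -Path $keyPath) {
        $props = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
        if ($props -and ($props.PSObject.Properties.Name -contains 'Active')) {
            $active = [string]$props.Active
        }
    }

    # Agent process FCAG.EXE (Get-Process takes the name without ".exe").
    $agentRunning = [bool](Get-Process -Name 'FCAG' -ErrorAction SilentlyContinue)

    # Console user only; empty when nobody is logged on at the console.
    $user = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        LoggedOnUser   = $user
        AgentProcessUp = $agentRunning
        RegistryActive = $active
        # Local view only: "policy applied" is still confirmed in ePO
        # through the "Policy version" field.
        LocallyActive  = ([bool]$user -and $agentRunning -and ($active -eq '1'))
    }
}

Get-HdlpLocalStatus | Format-List
```

The script changes nothing on the machine. Recording its output before and after a reboot shows whether the "Active" value actually moved from 0 to 1.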