2 Replies Latest reply on Jan 26, 2010 5:11 AM by Odilon

    DLP 3.0 Agent is Passive mode

    Odilon

      I have a problem.

      I install ePO4.0 Patch6, MA4.5 and DLP 3.0 in Server 2003 SP2 Enterprise English.

      Workstations with XP SP2, tha agent DLP is Passive mode. The agents was reinstall and the status continued passive.

      In this case , the policies of DLP in not applyed because the agent status is passive, but, the functions of device control is normaly.

      What are cause this problems?

        • 1. Re: DLP 3.0 Agent is Passive mode
          jstanley

          HDLP 3.0 has 3 possible agent status values:

          • Active
          • Passive
          • Broken

           

          The HDLP agent status will show as passive if:

          • The machine is logged-off
          • The machine is powered-off
          • The agent is up but without any policy
          • The agent has been installed but a reboot has not occurred
          • The agent has been installed and a reboot has occurred but nobody has logged onto the client.

           

          When the machine is logged-off (i.e. in passive mode) the agent service will receive the new policy but will not be applied until login. To validate that HDLP policy is applied on a specific machine you need to validate the “Policy version” field in the DLP properties in ePO.

           

          The HDLP agent status will show as broken if their is an issue during the HDLP agent install and the self remediation mechanism tries to reinstall the HDLP agent drivers and fails.

           

          The HDLP agent status is active when all of the following conditions are met:

          • A user  is logged-in
          • The agent process (FCAG.EXE) is running
          • The policy is applied.
          • 2. Re: DLP 3.0 Agent is Passive mode
            Odilon

            Following thorough investigations on the behavior of the machine, I found a registry key agent HDLP3 that defines the status of functioning.
            You can not change the value of the key, then delete the key and restarted the machine.
            On reboot the key is recreated and changed from Passive (0) to Activate (1).

            Key: [HKEY_LOCAL_MACHINE \ SOFTWARE \ McAfee \ DLP \ Agent \ Properties \ Agent]
            Delete this entry "Active" = "0"

             

            All OK now.