I've configured the evidence folder according to the guide. I added Domain users computer with special permission.
I can open the evidence$ folder and put any file to that folder from the client computer. But unfortunately, when I tried to open the evidence from DLP Monitor, the evidence was not there. The error saya that "evidence is not avaibale". I checked the evidence folder, and there is no file in there.
Anyone has any idea why the evidence is not there?
And one more thing why is the connection state says that it offline? in fact my client was online.
anyone has the same problem?
client pc (with hdlp agent) in domain?
The DLP Agent gets to know about being online/offline if it can/cannot connect to its Windows Domain
Controller (Which contains the Active directory).The Agent configuration settings has the "Refresh online
Status interval" set to 30 sec.If the Agent machine is not able to contact the DC for more than 30 seconds,
the machine is recognized as Offline by DLP.
Please ensure your Agent machine is able to connect to the DC for online events.
yes, the client is wihtin the domain. it can contact the domain controller (contain Active Directory and DNS) with no problem.
I can ping the ePO server by using hostname without any problem. and the McAfee agent monitor shows no error while communicating with the ePO server. is there any other issue that might cause this?
please provide me ipconfig /all information from client pc
attached ipconfig /all from client side and server side.
I also attached evidence folder in the client side. it looks like, the evidence is not replicated to the server.
Try to define default gateway on client PC (192.168.10.10 for example). I am think this may help.
And use latest DLP agent version (22.214.171.124) In this build resolve some issues with agent CPU utilization.
I think the easiest test you can do is to allow permissions to Everyone on this share and maybe also configure Advanced permissions for Everyone to allow Full rights to "This folder, subfolders and files"
Confirm that a client machine can browse to the Evidence folder as a UNC path from the Run command e.g. \\<ipaddress>\evidence_folder and once you have opened the share, confirm if the client can write to it e.g. try to create a document or notepad file in this share.
Once confirmed, then try to reproduce the issue which generates the evidence on this client and see if you can then access the evidence from the DLP Monitor.
It is very likely that the issue is permissions.
actually i was not thinking by adding the default gateway might solve the problem becuase from the network point of view, these server and client reside in the same segment, thus doesnt need gateway to be specified. And as I said earlier, communication between server and client has no problem (able to ping either using IP or hostname, no update problem).
But unfortunately, after I added the server IP address as a gateway, evidence file from client site replicated to the server and now the connection state is "online" and the evidence is available from the DLP Monitor.
Does anyone has further explanation with this.? why do we have to speficy the default gateway eventhough the server and client reside in the same segment.?
anyway, many thanks for the help.