4 Replies Latest reply on Jun 11, 2010 9:05 AM by SafeBoot

    EEPC & HDLP's encrypt on demand?? Where's the EEM cert?

      I'm trying to make Encrypt on Demand work, which is technically an HDLP function, but I'm posting in EEM because it appears I'm missing the EEM encryption key...

       

      Here's a quote from DLP v9 Product Guide for EPO 4.5 (the red text is the key)

       

      Encrypt on demand

      File system protection, removable storage protection, and discovery rules have an option to encrypt on demand. This means that in addition to the usual actions of Block, Monitor, and so forth, the option Encrypt is present on the rule wizard actions page. To use this option, McAfee Endpoint Encryption must also be installed, and you must define an encryption key in McAfee Host Data Loss Prevention with a name that matches a defined key in McAfee Endpoint Encryption. If these conditions are not met, the action defaults to Block.

       

      So, how do I determine where this encryption key is for EEM? I'm using EEPC 6.0.1, and there does not appear to be any facility to export or reveal an encryption key name to specify in the HDLP encryption RM and Encryption section.

       

      I did open up an MMC, load up two Certificates Addons (one for computer acct and one for WCF Service Account). I then searched for any cert with keyword McAfee in it, and I found these three keys.

      [Image: mycerts.gif]

      Are any of these the keys generated by EEM at the time of installation?

        • 1. Re: EEPC & HDLP's encrypt on demand?? Where's the EEM cert?

          Self-Update - I found this thread and it's confirming my concern... EEPC does not support Encrypt on Demand for HDLP.

          http://community.mcafee.com/message/108403#108403

           

          If I'm interpreting this thread correctly, then I won't get encrypt on demand unless I do one of two things...

           

          Downgrade EEPC v6 to EEM for PC v5.2.4 with EEFF v3.2.5

           

          OR

           

          I wait for the EEFF v4 (which incorporates EPO support) to be released, so I can keep all the management interfaces inside of EPO.

           

          I guess it's time to talk to the rep.

          • 2. Re: EEPC & HDLP's encrypt on demand?? Where's the EEM cert?

            You can run EEPC6 with EEFF 3.x at the same time - you don't have to link the two together (though it saves on a logon if you do so).

            • 3. Re: EEPC & HDLP's encrypt on demand?? Where's the EEM cert?

              I wondered about this, but I read in the EEFF quick start guide (pages 5-6) that the EEM is a requirement.

               

              Sequence of Events
              The installation and setup of Endpoint Encryption is order-dependent and must be done in the following sequence:
              1. Install the Endpoint Encryption Manager.
              2. Create the Object Database.
              3. Create the Endpoint Encryption Communication Server application.
              4. Add users to the system.
              5. Create encryption keys.
              6. Assign users and security administrators to encryption keys.
              7. Create encryption policies.
              8. Assign policies to users.
              9. Create an Endpoint Encryption for Files and Folders installation set.
              10. Install Endpoint Encryption for Files and Folders on a client machine.
              11. Further Activities – Encrypting Folders and File Types.
              12. Removing Endpoint Encryption for Files and Folders and Endpoint Encryption Manager.

               

              So, how can I install EEFF v3.2.5 without the EEM 5.2.4 (or at least have it to where I'm using EEPC v6.0.1 in EPO 4.5 P2 and EEFF)? I'm assuming a hybrid configuration would require EEM to only manage EEFF and EPO to manage EEPC... thus causing the dual logins, is this correct?

               

               

              Message was edited by: BionicSecurityEngineer on 6/11/10 9:05:01 AM CDT
              • 4. Re: EEPC & HDLP's encrypt on demand?? Where's the EEM cert?

                Yes - you can use EEM to manage EEFF, EEPC, or both. You don't need EEPC5 to use EEFF3.

                 

                You'll end up with EPO for EEPC6 and HDLP, and EEM for EEFF3 though.

                 

                Wow! Lots of acronyms!

                1 of 1 people found this helpful