Not sure why this option changed in DLP 9, but you used to be able to have DLP still working in Safe Mode. Now it just triggers an alert to let you know that someone has gone into safe mode.
I agree this needs to be looked at, because this is a back door that anyone can exploit, not just Administrators.
We are facing the same problem with DLP220.127.116.112
We have contacted Service Support and they asked us to install Patch 1, but users are still able to bypass DLP in safe mode.
The support team takes a long time to reply. Can anyone help or advise what can be done?
This design was changed to overcome issues that were caused by DLP running in safe mode.
Unfortunately, this is the way it works. You shouldn't allow your end users to boot into safe mode.
This is not a case of whether I should allow or not allow the user to log in to safe mode.
We have escalated the case to support and they asked us to install patch one to fix the issue, but it didn't help to resolve the problem.
This issue has shown up since McAfee released versions 9.0.0 & 9.1, and to date we are not getting any response on how McAfee will handle it or whether it's in development.
We cannot just say this is how it works, since it's working in the older release......
In DLP Monitor, do you get an alert to say the user logged in to Safe Mode? If you do, then this is working correctly. DLP Agent does not run in Safe Mode for DLP 9 but did in earlier versions. A product enhancement is required, not an incident.
From the DLP Documentation
Configuring Safe Mode operation
Safe Mode operation has been changed in McAfee Host Data Loss Prevention software version 9.0. Only agent protection operates in Safe Mode. The agent itself does not run in Safe Mode.
If you are unsure, go into DLP Monitor, filter the results by Administrative Events and choose the User logged in to Safe Mode.
If none of this is happening then you may have a fault, if you have set the Agent Configuration to report Safe Mode within Events and Logging and you have set Advanced configuration to Activate Agent Self Protection in Safemode.
Hi all, in DLP 9.1 agent self protection is still not working. Any ideas? How to troubleshoot? Thanks!
I can confirm that (mis-)behavior. I'm afraid so. (Agent version: 18.104.22.168)
So, what do we have now?
We do have an extraordinary security suite that manages device access, file copy operations - even string based. We have protection rules, dictionaries, armed watchmen all around, minefields and electric fences. And none of it when I hit F8.
All we then get is: Ooops, somebody has been here. You should run after him to maybe get some things back. Yippie.
Have I forgotten anything?
Any update on this?