1 Reply Latest reply on Apr 6, 2011 1:56 AM by tony.lin

    DLP 2.0 -> 9.1 Upgrade: Device Rules not migrated?

    SteveKaye@Baird

      We've recently upgraded from DLP 2.0 to 9.1 on ePO 4.0.  Since our 3000+ clients are still using DLP 2.2 Patch 2 (2.2.200.11), we enabled this backwards compatibility during the upgrade.  We've only installed the 9.1.0.522 agent on 3 machines for testing.

       

      Following the upgrade, everything appeared to come over properly in terms of user groups, device definitions and policy, but for some reason one of the device rules (which happens to be our base "Block all USB devices" default device rule) wasn't working, which in turn allowed anyone to plug in a device.  After hours on the phone with McAfee, I decided to recreate this rule manually (not copying it), and then point this rule to our "Global" user group that consists of our "Managed Users" AD group (which represents the majority of our users).  Upon doing so, devices were being blocked as expected.

       

      What bothers me is that there was no visual indication of errors during the migration/conversion of the legacy DLP 2.0 policy.  In addition, we have several other device rules actively being used in the environment - how do I know these rules are working/blocking as expected?  The only reason I found out things weren't right is because another user said her iPod was suddenly working when it hadn't previously. 

       

      McAfee has yet to figure out what happened, but assured me that once I created this new device rule, all the policy files were re-written, and that the other device rules 'should' work.  I am not buying this, and if users suddenly can access their previously blocked devices, they definitely aren't going to step up and let us know that there is a 'problem.'

       

      Has anyone else had issues like this?