You are correct: removing the check from the 'Enable' check box will tell any client assigned this policy to start decrypting any encrypted drives.
Have you performed a wakeup agent on this client with Force Policy?
If that does solve the problem, then we would need to look at the MfeEpe.log for any errors. If you can attach it, I will have a look at it for you.
Hope this helps.
I have done an agent wake up call with the Force Policy and the machine still reports as Active and encrypted. I have attached the MfeEpe.log from the problem machine. I have logging set to "4" right now.
Thanks for the log file, I can't see any problems in there at the moment.
It would help if you could also attach the McAfee Agent Log and answer the following questions:
- How many machines do you have managed by ePO?
- How many of those machines have EEPC installed?
- Are you using policy assignment rules?
- What is the Agent Server Communication Interval (ASCI)?
Thanks for looking at the logs for me. I have attached the agent log for the problem machine.
- How many machines do you have managed by ePO? ~12,000
- How many of those machines have EEPC installed? ~88 (we are in the pilot phase)
- Are you using policy assignment rules? No.
- What is the Agent Server Communication Interval (ASCI)? 120 minutes.
This morning, when I powered up the laptop that would not de-activate, it de-activated and started decrypting the HDD. I did not change anything on this machine or its policies. This is also not the first time since discovering the problem that I have shut down and restarted this machine. This is just plain weird. I am glad that it de-activated, but why did it take 2 days to start? This is a test machine and I had the time to see what would happen if I left the machine as is, but this would not be possible if this were a production machine that needed endpoint encryption removed.
Is there a firewall or NAT between the client and ePO or the Agent Handlers?
No and everything else is working correctly. I can send wakeup calls and send the machine properties back up to the ePO server.
The reaction to an EEPC policy change is different than, for example, with VSE or even MA; it is not so quick. Probably because of the data channel which must be created, there is always some noticeable delay; sometimes it is even a few minutes. From my experience it will vary and most likely depends on ePO server load.
If you do see this again, try checking the task manager to see if the MfeEpeHost.exe process is using CPU. If it's consistently using non-trivial CPU %, then it may actually be decrypting, but failing to report the status. It would be helpful to find out which it is.
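
The CPU check suggested in the last reply can be scripted rather than watched in Task Manager. This is an added example, not part of the original thread or any McAfee tooling; the process name comes from the thread, while the sample count, interval and 2% threshold are assumed values.

```powershell
# Added example: sample CPU use of the EEPC host process over time to tell
# "decrypting but not reporting" apart from "idle".
# Run from an elevated prompt: the process runs as a service, and its CPU
# time may not be readable from an unprivileged session.
param(
    [string]$ProcessName = 'MfeEpeHost',     # from the thread (MfeEpeHost.exe)
    [int]$Samples = 12,                      # assumed: 12 samples
    [int]$IntervalSeconds = 5,               # assumed: 5 s apart (about 1 minute total)
    [double]$BusyThresholdPercent = 2.0      # assumed cut-off for "non-trivial" CPU
)

$cores   = [Environment]::ProcessorCount
$results = @()

for ($i = 1; $i -le $Samples; $i++) {
    $before = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    if (-not $before) { Write-Warning "$ProcessName is not running."; return }
    # .CPU is total processor time in seconds; sum in case of several instances.
    $cpuBefore = ($before | ForEach-Object { [double]$_.CPU } | Measure-Object -Sum).Sum

    Start-Sleep -Seconds $IntervalSeconds

    $after = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    if (-not $after) { Write-Warning "$ProcessName exited during sampling."; return }
    $cpuAfter = ($after | ForEach-Object { [double]$_.CPU } | Measure-Object -Sum).Sum

    # CPU seconds consumed in the interval, as a share of all cores.
    $percent = [math]::Round((($cpuAfter - $cpuBefore) / ($IntervalSeconds * $cores)) * 100, 2)
    $results += [pscustomobject]@{
        Time       = Get-Date -Format 'HH:mm:ss'
        CpuPercent = $percent
    }
}

$results | Format-Table -AutoSize

$busy = @($results | Where-Object { $_.CpuPercent -ge $BusyThresholdPercent }).Count
if ($busy -ge [math]::Ceiling($Samples / 2)) {
    "Busy in $busy of $Samples samples: the process is consistently using CPU."
} else {
    "Busy in $busy of $Samples samples: the process looks idle."
}
```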