Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
898 Views 2 Replies Latest reply: Mar 13, 2013 6:56 AM by firestormangel RSS
whh Newcomer 6 posts since
Jul 23, 2012
Currently Being Moderated

Sep 10, 2012 3:30 PM

Automatic Responses for Device Control

I've been trying to set up SNMP traps for  HDLP (Device Control) under ePO 4.6.  We are licensed only for Device Control and don't have NDLP hosts running.  It appears that I am able to set up an email response to a DLP event, but the next button is grayed out on the notification pane if I choose SNMP traps.  Documentation for DLP 9.2 seems to indicate that SNMP might be an option if a network DLP appliance is installed.

 

So, are SNMP traps an option for basic McAfee Device Control?

 

If not, why not?

  • firestormangel Newcomer 1 posts since
    Mar 13, 2013
    Currently Being Moderated
    2. Mar 13, 2013 6:56 AM (in response to whh)
    Re: Automatic Responses for Device Control

    Hi

     

    We had a similar event showing up in our orion logs a couple of weeks ago. It turned out to be a "automatic response" job that was malfunctional that we had made. This prevented all of the other automatic response jobs from working properly when it came to sending traps and emails. Funny thing, it was another job failing, not even related to the mail and snmp jobs.

     

    Reference to unknown table:epoThreatEvent

    ok, so at first sight this might make you think there is something wrong with the database. This is not the case. The table "epoThreatEvent" is not a database table but an "object" on the EPO server memory used by the automatic response jobs - yes, its for sending among other things "traps".

     

    ok, so then you might think, so its my snmp jobs not working. I does not have to be. I think the best thing you can try is to disable the jobs under automatic response in your EPO, and then turn them on, one by one to see which job makes them fail. The fault might or might not show up, first thing, so give the jobs some time after you enable them. When you find the automatic response that fails, you should export the job as an xml and create a case with mcafee support. You might have to go though the process with the MER.exe and everything, but its better to do that in this case. They will assist you and it might be good for them to get the xml and try out the problem.

     

    Our failing automatic response was the "Create Issue", we still havent found the actual error, but we have a case with our support.

     

    Br

    Firestorm Angel

    ps. I might not be available for further replies or it might take time for me to reply..

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points