2 Replies Latest reply: Mar 13, 2013 6:56 AM by firestormangel RSS

    Automatic Responses for Device Control

    whh

      I've been trying to set up SNMP traps for  HDLP (Device Control) under ePO 4.6.  We are licensed only for Device Control and don't have NDLP hosts running.  It appears that I am able to set up an email response to a DLP event, but the next button is grayed out on the notification pane if I choose SNMP traps.  Documentation for DLP 9.2 seems to indicate that SNMP might be an option if a network DLP appliance is installed.

       

      So, are SNMP traps an option for basic McAfee Device Control?

       

      If not, why not?

        • 1. Re: Automatic Responses for Device Control
          whh

          Checking the orion logs is a good idea.  For my issue, I've found instances of

           

          Error processing notification. Operation aborted.

           

          and

           

          Reference to unknown table:epoThreatEvent

           

           

          Looks like something is whacky with the schema.

           

          Has anyone seen this?   What's the fix?

          • 2. Re: Automatic Responses for Device Control
            firestormangel

            Hi

             

            We had a similar event showing up in our orion logs a couple of weeks ago. It turned out to be a "automatic response" job that was malfunctional that we had made. This prevented all of the other automatic response jobs from working properly when it came to sending traps and emails. Funny thing, it was another job failing, not even related to the mail and snmp jobs.

             

            Reference to unknown table:epoThreatEvent

            ok, so at first sight this might make you think there is something wrong with the database. This is not the case. The table "epoThreatEvent" is not a database table but an "object" on the EPO server memory used by the automatic response jobs - yes, its for sending among other things "traps".

             

            ok, so then you might think, so its my snmp jobs not working. I does not have to be. I think the best thing you can try is to disable the jobs under automatic response in your EPO, and then turn them on, one by one to see which job makes them fail. The fault might or might not show up, first thing, so give the jobs some time after you enable them. When you find the automatic response that fails, you should export the job as an xml and create a case with mcafee support. You might have to go though the process with the MER.exe and everything, but its better to do that in this case. They will assist you and it might be good for them to get the xml and try out the problem.

             

            Our failing automatic response was the "Create Issue", we still havent found the actual error, but we have a case with our support.

             

            Br

            Firestorm Angel

            ps. I might not be available for further replies or it might take time for me to reply..