7 Replies Latest reply on May 22, 2013 6:52 PM by norbertg

    epo 4.6 lost policy

    norbertg

      https://community.mcafee.com/thread/56686

       

      Please see post above for background details. How can I retrieve policies? No idea they disappeared.

        • 1. Re: epo 4.6 lost policy
          norbertg

          No idea how they disappeared.

           

          I'm writing this on a phone.

          • 2. Re: epo 4.6 lost policy
            Attila Polinger

            Hello Norbert,

             

            Are you suggesting that you used to have Policy A for MSME in ePO and now there is no Policy A, only McAfee Default?

            Or there is Policy A, but for some reason it does not get applied to MSME node?

             

            Attila

            • 3. Re: epo 4.6 lost policy
              norbertg

              Hi Attila,

               

              There was a custom policy called 'MSME Scanner Settings' or something similar and it is no longer there. I only have the 2 default McAfee policy and McAfee Enchanced policy.

               

              I had MSME service disabled overnight during reboot I'm about to start it back up and see what happens.

               

              Thanks,

              Norbert

              • 4. Re: epo 4.6 lost policy
                norbertg

                I just started MSME up and the old settings appear to be applied to the scanner yet don't appear in EPO.

                • 5. Re: epo 4.6 lost policy
                  Attila Polinger

                  I would recreate that custom policy and monitor if it disappears in the next few days or week. Hopefully you are the only one accessing that policy and noone messes around even inadvertently .

                  • 6. Re: epo 4.6 lost policy
                    norbertg

                    I've thought about recreating them and I might have to, unfortunately I don't know all the policies that have changed. Luckily I have MSME working again and have an older copy of the xml file restored from tape. I should be able to extract white and black lists.

                     

                    Message was edited by: norbertg on 23/05/13 9:05:30 AM
                    • 7. Re: epo 4.6 lost policy
                      norbertg

                      I've started recreating the policy from scratch.

                       

                      I have some differences in the config file, can someone please tell me where the bolded parts are located in EPO?

                       

                      <McAfeeConfig>

                          <Alerts/>

                          <AsyncReporting ASYNCReportingLevel="0"/>

                          <DATSettings DATGenRetention="10"/>

                          <Diagnostics TBEnable="1" TBHandle="1" TBReport="1" TBReportToAM="0"/>

                          <FileRules>

                              <Rule FilenameCheck="0" FormatCheck="0" SizeCheck="0" SizeLimit="10485760" SizeType="greater" Unrecognised="1" builtin="1" id="FFR:1" name="__catch_all_rule">

                                  <FILENAME><![CDATA[*]]></FILENAME>

                              </Rule>

                          </FileRules>

                          <Identities>

                              <Identity Logic="One" id="I:EVERYONE" name="__everyone">

                                  <Rule><![CDATA[ (1=1)]]></Rule>

                              </Identity>

                          </Identities>

                          <MQM CallbackPort="49500" Port="49500"/>

                          <Notifications Administrator="italerts@COMPANYNAME.com.au" Sender="administrator@COMPANYNAME.com.au" Subject="McAfee Security for Microsoft Exchange Alert" TaskResultNotification="0">

                              <MsgExternalRecipient>

                       

                      Want to set it to: <CSESettings PreFileFilter="1"/>

                      Default: <CSESettings PreFileFilter="1" ScanForEmbedded="0"/>

                       

                      Want to set it to: <ASSettings AddCheckedToNonSpam="0" AttachReport="Never" BayesIdentities="" EnableNetworkTests="0" EnableRBLTests="1" MaxHeaderWidth="76" MaxMailScanSize="250" MaxReportedRules="180" MsgHeaderIndicator="Never" MsgHeaderName="" MsgHeaderValue="" NonSpamBayesThreshold="" PrefixSubject="0" PrefixSubjectText="****SPAM****" ScoreBasedAction1="1" ScoreBasedAction2="1" ScoreBasedAction3="1" ScoreBasedActionLevel1="High" ScoreBasedActionLevel2="Med" ScoreBasedActionLevel3="Low" ScoreBasedActionValue1="15.0" ScoreBasedActionValue2="10.0" ScoreBasedActionValue3="5.0" ScoreLevel="Custom" SpamBayesThreshold="" SpamIndicator="Never" SpamIndicatorText="*" SpamProfileName="" SpamThreshold="5.0" TimeoutRBLTests="15000" UseBayesLearning="1" UseDefaultBayesConfig="1" VerboseLogging="0" displayName="__core_spam_settings" id="***:1" name="McAfee Anti-Spam Settings" root="1">


                      Default: <ASSettings AddCheckedToNonSpam="0" AttachReport="SpamOnly" BayesIdentities="" EnableNetworkTests="0" EnableRBLTests="1" MaxHeaderWidth="76" MaxMailScanSize="250" MaxReportedRules="180" MsgHeaderIndicator="Never" MsgHeaderName="" MsgHeaderValue="" NonSpamBayesThreshold="" PrefixSubject="1" PrefixSubjectText="****SPAM****" ScoreBasedAction1="1" ScoreBasedAction2="1" ScoreBasedAction3="1" ScoreBasedActionLevel1="High" ScoreBasedActionLevel2="Med" ScoreBasedActionLevel3="Low" ScoreBasedActionValue1="15.0" ScoreBasedActionValue2="10.0" ScoreBasedActionValue3="5.0" ScoreLevel="Custom" SpamBayesThreshold="" SpamIndicator="SpamOnly" SpamIndicatorText="*" SpamProfileName="" SpamThreshold="5.0" TimeoutRBLTests="15000" UseBayesLearning="1" UseDefaultBayesConfig="1" VerboseLogging="0" displayName="__core_spam_settings" id="***:1" name="McAfee Anti-Spam Settings" root="1">