Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
471 Views 4 Replies Latest reply: Oct 29, 2013 5:00 AM by adpspt RSS
adpspt Newcomer 8 posts since
Jun 17, 2013
Currently Being Moderated

Oct 25, 2013 3:28 AM

Problem with DLP no new events in DLP Monitor

Hallo,

 

we are using EPO 4.5 and MAgent 4.5 and DLP 9.1 on Windows 2003 Server.

My Problem is that we dont see new events in the DLP Monitor and when i click on the MAgent on Send events he get the message : "Agent failed to communicate with EPO Server" but when i use the "Collect and Send Probs" its working.

Also Deployment to new machines is working fine they get the MAgent than the VSE 8.7 and the DLP 9.1 but also on the new workstations when i click on "Send events" the same message "Agent failed to communicate with EPO Server".

The last entry in the DLP Monitor is from 09.10.2013.

I also checked the the evidence folder is accessible from outside and also the connection of the DLP to the Database is working and successfull.

 

Has somebody a idea what i can check or what could be the problem?

 

best regards

adpspt

  • keithdrone Apprentice 56 posts since
    Jan 28, 2013
    Currently Being Moderated
    1. Oct 25, 2013 7:16 AM (in response to adpspt)
    Re: Problem with DLP no new events in DLP Monitor

    Almost sounds like more of an Agent problem, have you considered upgrading your agents to a newer version?   4.5 agent is either EOL or at least nearing it.  

  • keithdrone Apprentice 56 posts since
    Jan 28, 2013
    Currently Being Moderated
    3. Oct 28, 2013 1:33 PM (in response to adpspt)
    Re: Problem with DLP no new events in DLP Monitor

    Generate some debug logs on the agent side.  Do so the same for the DLP agent via the agent-policy in the policy catalog.

     

    I'd suggest against doing this globally, as debug logs can eat up your resources and your disk space fast!

    here is a link to get you started

    https://kc.mcafee.com/corporate/index?page=content&id=KB58966

     

    Additionally, check your VSE and DLP policies to ensure that they exclude each other.  Meaning, VirusScan should be trusted by DLP and not checked, and DLP processes should be trusted by VSE and not checked constantly.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points