Thx for the answer i would like to do this but we are forced to use this version of the agent because a newer one is not approved for us at the moment. But it must be something else because in our other networks the same setup is working fine with this agent version and DLP.
Maybe something else i could check?
Generate some debug logs on the agent side. Do so the same for the DLP agent via the agent-policy in the policy catalog.
I'd suggest against doing this globally, as debug logs can eat up your resources and your disk space fast!
here is a link to get you started
Additionally, check your VSE and DLP policies to ensure that they exclude each other. Meaning, VirusScan should be trusted by DLP and not checked, and DLP processes should be trusted by VSE and not checked constantly.
Hallo, thx for the Answer.
Today we found the problem.
We checked the eventparser.log and recognized that was not working in the proper way.
Over the eventparser.log we found out the a folder under c:/program files/mcafee/epolicy orchistrator/db/events was lost.
The under the path the "events" folder was missing when we recreated it it says there is allready existing the "events" folder.
We checked in the "db" folder was just a file named "events" with 0 kilobytes and we renamed the file and restarted the mcafee parser service and than it was possible to recreate the folder "events" after this we restarted again the parser service and he starts to write all events to the DLP Monitor.
So now everything is working and fine :-)
Thx for the help and maybe this will help somebody else.