Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
350 Views 0 Replies Latest reply: Oct 31, 2013 2:24 PM by Regis RSS
Regis Champion 457 posts since
Oct 6, 2010
Currently Being Moderated

Oct 31, 2013 2:29 PM

Host DLP 9.2 -> 9.3 upgrade question ; curious delays for policy change to take effect?

I'm in the midst of an ePO transition in which the new ePO has DLP 9.3 on it.  THe old ePO has 9.2.     2 test machines have been pushed agents from the new ePO and have come over with their 9.2 HDLP client software intact.     I completed the 9.3 HDLP install on the new ePO and  imported  both DLP and ePO policy  from the old ePO with the promise of backward compatibility.  

 

I'm noting an interesting behavior in an old DLP 9.2 client and Agent 4.8.x  ...  where things just weren't working.   Finally rebooted, turned off VSE access protection, updated the DLP client to 9.3, and rebooted.   EVen then it took a LONG time for the new plug and play  mass storage device class block rule I created to come active on a couple of hosts.  Minutes after a reboot and several agent wakeup calls, a certain usb key was still being allowed   (this same USB that on another machine was handled by the new mass storage rule).    Also, this particular host was talking to ePO and receiving policies fine via the agent status monitor, but for some reason,  no events fro this host ever made it into the DLP Incident Manager.     

 

However, an hour or so later when this host was tried again, the drive was finally blocked and events from HDLP finally flowing up to the new ePO. 

 

Has anyone else seen curiously long delays like this?  

 

Also, has anyone else fought issues with  VSE 8.8's  access protection rules   making  DLP agent upgrades or policy upgrades rather difficult?

 

on 10/31/13 2:29:11 PM CDT

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points