2 Replies Latest reply on Jan 27, 2014 1:59 PM by cdobol

    MDE 7.1 - Disable Pre-Boot Authentication When Not Synchronized

    cdobol

      I am asking for opinions on this issue.  I currently have a SR open with McAfee regarding the "Disable Pre-Boot Authentication When Not Synchronized" setting.  I have found the "Last Synch" date is reset on a policy enforcement event and NOT a successful EPO ASCI event. This means a machine could be kept unlocked indfefinetely without synching with the EPO server or being on any sort of network.  I  think this setting should operate much like the 5.x, where if it does not talk to the Safeboot server in X amount of days the machine is disabled.  The last I heard from McAfee on this they are telling me its working as intended.  I disagree. either treat it as a bug or change the setting name to "Disable if policy enforcement has not run"..

       

      Opinion... Do you think the setting should be based on a policy enforcement date or last successfull ASCI date with your EPO server(s).

       

      Thanks for listening.