6 Replies Latest reply on Jan 30, 2014 2:19 AM by filipk

    DLP Endpoint 9.3 Discovery not starting

    filipk

      Hello everyone,

       

      I am new to DLP and I've installed McAfee ePO 5.1 and DLP Endpoint 9.3 on Win Server 2012 in a demo environment. I've deployed two agents and dlp endpoint products to Windows Server 2008 R2 and 2012, set up File System Discovery scan and it doesn't work.

      The rule and schedule are set and enabled, but I am getting Status: Not started in DLP Endpoint console on client machines.

       

      Email Storage discovery works fine and updates every time i apply the new policy, File System Discovery doesn't.

       

      Does anyone know how to resolve this? I would appreciate any help.

       

      Screenshots below

       

      Capture2.PNG

      Capture3.PNG

      Notice that it says "not configured", but when I click on Local File System it shows  scan details and the status is "not started". 

      Capture.PNG

        • 1. Re: DLP Endpoint 9.3 Discovery not starting
          keithdrone

          Check the following.

           

          DLP agent policy (via your policy catalog)

          Do you have 'File Discovery' plugin enabled in the Misc. tab?

          Do you have restrictions set in the discovery that are too restrictive, such as CPU/RAM cutoff values, or files/folders to scan excluding too much?

           

          Do you have the File Discovery Rules in your Policy Manager assigned to a User group or to the Computer Assignment policy?   On a server, you may consider trying to enable it as a 'Computer Assignment' group instead of a user group.

          1 of 1 people found this helpful
          • 2. Re: DLP Endpoint 9.3 Discovery not starting
            rtrezza

            As per the release notes for v9.3, "File System Discovery rules are not supported on servers."

            1 of 1 people found this helpful
            • 3. Re: DLP Endpoint 9.3 Discovery not starting
              keithdrone

              Yes, not 'supported', but they do work.     We run them on Server 2012's in our PCI jump zone.

              • 4. Re: DLP Endpoint 9.3 Discovery not starting
                filipk

                keithdrone wrote:

                 

                Check the following.

                 

                DLP agent policy (via your policy catalog)

                Do you have 'File Discovery' plugin enabled in the Misc. tab?

                Do you have restrictions set in the discovery that are too restrictive, such as CPU/RAM cutoff values, or files/folders to scan excluding too much?

                 

                Do you have the File Discovery Rules in your Policy Manager assigned to a User group or to the Computer Assignment policy?   On a server, you may consider trying to enable it as a 'Computer Assignment' group instead of a user group.

                All of the above was ok except the assignment policy. It was assigned to a User group, I'm not really sure how to assign it to Computer Assignment group.

                I went to System Tree->Assigned Policies->Computers Assignment Group->Edit Assignment, where I've chosen break inheritence and  assigned a new policy that was based on the current policy. Still there is no change in Local File System Discovery on the endpoint servers...

                • 5. Re: DLP Endpoint 9.3 Discovery not starting

                  Email Storage Discovery Rules work. File System Discovery and Network Communication Protection Rules are "not supported" as in they do not work in Server Operating Systems.

                  • 6. Re: DLP Endpoint 9.3 Discovery not starting
                    filipk

                    Thank you, it seems we will have to rely on NDLP Monitor to scan the server file systems.