2 Replies Latest reply on Nov 21, 2014 3:35 AM by howardmp

    ePO HDLP - Agent Configuration and Assigned Policy Agent Configuration

    howardmp

      Hello all,

       

      I'm attemepting to set up a web post protection rule in ePO and am not sure where to configure the agent settings for File Tracking etc. Both the Agent Configuration within DLP and the Agent Confuration within Assigned Policies from System Tree seem to have the same options - which one should I be using and what is the difference? Do I need to apply  the Devcie Control and Full Content setting for Web Post and Email Protection policies to work? I have currently done this on the Assigned Policy which I've deployed to some test computers in the System Tree but left it as Devcie Control and Content Aware Removable Storage (without tag support) on the Agent configuration within the DLP window - will this cause a conflict? Are there any other setting I should look out for to deploy for these two protection policies.

       

      Apologies if I'm missing something obvious.

       

      Many thanks for any advice

      Hugh

        • 1. Re: ePO HDLP - Agent Configuration and Assigned Policy Agent Configuration
          Sathish L

          Hi,

           

          >> From the Agent Configuration menu, select Edit Global Agent Configuration.

          >> In the File Tracking tab, verify the required Operation Mode.

          >> In order to use device control and protection rules, I would suggest you to enable this option "Device control and full content protection is the default when you upgrade the license".

          >> In the Miscellaneous tab, select the modules you require.

          For example: To use email protection and web post protection rule, you can enable the outlook handler (for outlook client) and for web post, enable firefox handler and internet explorer plugin.

          >> Once it is done, Click apply to apply the dlp policies.

          >> If you have domain users to apply those policies then no need to do anything with dlp policy present in policy catalog.

          >> Assign the default dlp policy and check the status.

           

          Both the Agent Configuration within DLP and the Agent Confuration within Assigned Policies from System Tree seem to have the same options - which one should I be using and what is the difference?


          In policy catalog, if you use default policy then the changes made on the dlp policy console will be reflected. If you duplicate it, then changes will not be reflected on the duplicated policy.

          For example:

          If you have user assigned in dlp policy manager console then assign the default policy on the client machine. If you want to use computer based policy then do not assign any users on the dlp policy manager console. Go to system tree, duplicate the dlp computer assignment policy and click on the policy and enable the protection rules and save. Once it is done, Goto system tree and assign the duplicated to the client machine.

           

          Thanks

          • 2. Re: ePO HDLP - Agent Configuration and Assigned Policy Agent Configuration
            howardmp

            Hello Sathish,

             

            Thanks for your advice - I now understand how the polices apply.

             

            I now have a seperate issue where DLP is working with gmail but not hotmail. Will post as a new question to avoid confusion.

             

            thanks

            Hugh