3 Replies Latest reply on Dec 5, 2014 2:23 PM by vimalnavis

    Issue during DLP 9.3.100 endpoint to 9.3.300

    Laszlo G

      Hi everyone,

       

      I have seen a strange issue during DLP endpoint upgrade from 9.3.100 to 9.3.300. In fact everyone goes fine except because of the fact that computers won't report any DLP event until they have been rebooting.

       

      i.e:

      - before upgrading I trigger any email rule from the endpoint and then force sending events through McAfee Agent -> OK

      - after upgrading (and not yet rebooted) I trigger any email rule from the endpoint and then force sending events through McAfee Agent -> No events are sent

      - after upgrading and rebooting I trigger any email rule from the endpoint and then force sending events through McAfee Agent -> OK but all events between upgradind and rebooting computers don't appear anywhere.

       

      Is this a normal behaviour or am I missing something?

       

      Greetings,

      Laszlo

        • 1. Re: Issue during DLP 9.3.100 endpoint to 9.3.300

          You are seeing expected behavior. A reboot is mandatory for new installs and upgrades.

          • 2. Re: Issue during DLP 9.3.100 endpoint to 9.3.300
            Laszlo G

            Thanks for the answer vimalnavis,I know that a reboot is sometimes needed after installing or upgrading a McAfee product but the problem is that we cannot force a reboot after upgrading and we are loosing all DLP events until coputers have rebooted. If DLP agent stored events and after rebooting sent them to ePO it would be almost fine but these events have been lost forever and there will always be a gap between upgrade and reboot.

             

            Anyway, if this is as designed there's nothing more that can be done, that's for sure.

             

            Just another question: as we are only logging activity and evidences (not blocking at this moment so we cannot check wether the rules are applying or not)) would the DLP policies apply to computers between upgrading and rebooting the computers?

            • 3. Re: Issue during DLP 9.3.100 endpoint to 9.3.300

              DLPe policy is enforced only after the computer is rebooted, a user logs in and the McAfee Agent receive a policy from ePO.

              Which is one of many reasons why a mandatory reboot is very important.