10 Replies Latest reply on Aug 17, 2016 1:56 PM by bola.2911

    DLP 9.4 Incident Manager, no incidents generated/displayed.

    darryn

      Hi all,

       

      I am busy trying to implement DLP 9.4 in our environment. Currently I just want a policy to monitor USB devices to report on what USB devices are being used on our network.

      I had this working perfectly with DLP 9.3 where it would monitor and report on USB devices being plugged in. 9.3 incident manager gave details on events, such as product ID and vendor ID, which I then used later for exclusions when creating a blocking policy.

      For some reason, with DLP 9.4 I cannot view any events under the DLP incident manager, and when I look at the agent on workstations, events are not generated when USB devices are plugged in. When set to read-only, the device is prevented from being copied to and the error is displayed, but no event is generated on the agent or passed to the server.

       

      I need to set up the monitoring of USB devices so I can see what is being used in our environment before locking down USBs, but how can I do this if I cannot generate any data on what is out there?

       

      I am using:

      McAfee Agent 4.8.0.1938

      DLP Endpoint 9.4.0.532

      ePO 5.1.1 (Build: 357)

       

      Reaction settings for Removable storage device rule

      Prevent action: Read-only

      User notification: Removable storage protection user notification

      Report Incident: Ticked
