6 Replies Latest reply on Jul 27, 2016 5:03 PM by tg2

    McAfee DLP Update

    tomcamish

      Hi all,

       

      I've been looking around the forums for an answer to this but can't find anything.

       

      I have just checked in the DLP version 9.4.200.652 (were previously using 9.3.600.32) and succesfully added it as one of the packages in the deployment to the agents - this worked fine as my own PC was one of the first to update and I can see that it is now running this DLP version.

       

      However, within the EPO, the button to enter the DLP configuration screen to block devices etc still shows as "DLP Policy 9.3".

       

      My question is, now that I have checked in 9.4, should this show as "DLP Policy 9.4", and if so, how do I upgrade it?

       

      Many thanks,

        • 1. Re: McAfee DLP Update
          bretzeli

          Forget the 9.4 it's total ruin in terms of Device Block. Look out for V10 which they releaed a few days ago. If you have complex rules and Devices you will not be satisfied with 9.4 for the DEVICE handling.

          • 2. Re: McAfee DLP Update
            PhilR

            tomcamish wrote:

             

            Hi all,

             

            I've been looking around the forums for an answer to this but can't find anything.

             

            I have just checked in the DLP version 9.4.200.652 (were previously using 9.3.600.32) and succesfully added it as one of the packages in the deployment to the agents - this worked fine as my own PC was one of the first to update and I can see that it is now running this DLP version.

             

            However, within the EPO, the button to enter the DLP configuration screen to block devices etc still shows as "DLP Policy 9.3".

             

            My question is, now that I have checked in 9.4, should this show as "DLP Policy 9.4", and if so, how do I upgrade it?

             

            Many thanks,

             

            You have to check in the updated DLP extensions to ePO, and then there's a migration task you have to run.  It's all in the release notes and documentation.

             

            Cheers,

             

            Phil

            • 3. Re: McAfee DLP Update
              nicholas.klebs

              DLPe 9.3 is Managed Separately from DLPe 9.4 and DLPe 10 - different policy configuration tools, different Incident Manager tools, different Permission Sets, different Server Tasks, etc.

               

              The DLPe 9.4 and DLPe 10.0 Clients are not backwards compatible with the 9.3 policies.

              The DLPe 9.4 and DLPe 10.0 Policies are not backwards compatible with the 9.3 Clients.

               

              Think of it as DLP OLD (9.3 and older) and DLP NEW (9.4 and newer including 10.0).

               

              DLPe 10 replaces DLPe 9.4.

              DLPe 10 and DLPe 9.4 do NOT replace DLPe 9.3.


              Client with 9.3 managed by 9.3 Extension.

              Client with 9.4 managed by 9.4 Extension or 10 Extension.

              Client with 10.0 managed by 10.0 Extension.


              There is a Server Task to migrate the 9.3 Policies to 9.4/10 Policies.

              There is a Server Task to migrate the 9.3 Incidents to 9.4/10 Incident Manager.


              I am only testing 9.4 and 10.0 - so the following statements keep that in mind.


              I have had good luck with the Incident Migration Server Task - only improvement I could see is for the migration task to account for the change in severity labels between 9.3 and 9.4/10 (Warning and Minor swap meaning).

              I would advise to NOT use the Policy Migration - start from scratch building policies and configurations in 9.4/10.0

               

              I think 9.4 is pretty great - it is a a major change from 9.3.x - building policies and classifications are much easier and much more powerful.

              I have not had any issues with Device Control - all our current controls in place with 9.3 I have validated work in 9.4 - and work as expected.

               

              9.4 is a bit more complicated in some regards - Rules within Rule Sets and Rule Sets defined in Policies - but we have found these complexities to be benificial to more granularly manage our environment and expose protection to a wider audience because we can have more defined rules for certain populations.

               

              My suggestion, treat 9.4 as a new product, and play around with it to get a good understanding on how it works.

              The components of 9.3 that build out its policies do not map 1:1 with 9.4/10.0 - and that is a good thing.

              • 4. Re: McAfee DLP Update
                bretzeli

                The V10 release looks more like a 9.4.XXX to me.

                 

                For thew Policy and Event Migration 9.3 > 9.4 there is a good video which explains all steps:

                 

                https://www.youtube.com/watch?v=sc7eia_Si3o

                 

                If you have Version earlier 9.4.100 YOU will have to migrated the POLICYS. Follow that video on how to do that: McAfee DLPe 9.4 Patch 1 - Policy Conversion & Events Migration - YouTube

                 

                * If you have 9.4.200 and update to Version 10 this is like a smaller update (You don't have to Migrated anything again).

                * Clients will NOT need to reboot if you Update Agent 9.4 > 10

                 

                Here you see an Update from 9.4.200 to Version 10 on EPO 5.3.1

                     

                 

                • 5. Re: McAfee DLP Update
                  bretzeli

                  think 9.4 is pretty great - it is a a major change from 9.3.x - building policies and classifications are much easier and much more powerful.

                   

                  > Yes, because they reduced what the product does by 50%?

                   

                  Aehm maybe check out Release Notes for V10...

                   

                  Other issues

                  An issue with bluescreen on startup when  McAfee DLP Endpoint client is installed has been resolved by changing the default driver from COM/LPT to USB. (1139833
                  Evidence storage now works as expected — no evidence is stored when  Store Evidence is not selected in the rule definition. (1139834
                  The Product properties for the  McAfee DLP Endpoint section on the  McAfee ePO   System Tree | Systems Information | Products page now displays all properties, not just Product Version, Language, and Hotfix/Patch Version. (1139835
                  McAfee DLP event and properties parsing no longer affect  McAfee ePO performance. The resolution involves filtering specific events that cause the problem.(1139843
                  The  McAfee DLP Endpoint client now goes offline when the computer is shut down. (1139845
                  The  McAfee DLP handler for Internet Explorer no longer times out when files are uploaded to a customer internal portal based on IBM ECM Filenet. This applies to Microsoft Edge and Mozilla Firefox browsers as well as Internet Explorer. (1139831
                  The email discovery  Previous Run Date displayed in  System Tree | Product Properties is now correct. (1139837)
                  • 6. Re: McAfee DLP Update
                    tg2

                    Hi bretzeli ... the BSOD in "1139833" was it just general? or did it give a specific error # and message about thread release that it didn't own?

                     

                    "A thread tried to release a resource it did not own."

                    Stop error:  0x000000E3

                     

                    Suddenly started getting that just after logging into pc.

                     

                    Wanted to find out if that may have been caused by this issue.

                     

                    Thank you!!