Forget the 9.4 it's total ruin in terms of Device Block. Look out for V10 which they releaed a few days ago. If you have complex rules and Devices you will not be satisfied with 9.4 for the DEVICE handling.
I've been looking around the forums for an answer to this but can't find anything.
I have just checked in the DLP version 126.96.36.1992 (were previously using 9.3.600.32) and succesfully added it as one of the packages in the deployment to the agents - this worked fine as my own PC was one of the first to update and I can see that it is now running this DLP version.
However, within the EPO, the button to enter the DLP configuration screen to block devices etc still shows as "DLP Policy 9.3".
My question is, now that I have checked in 9.4, should this show as "DLP Policy 9.4", and if so, how do I upgrade it?
You have to check in the updated DLP extensions to ePO, and then there's a migration task you have to run. It's all in the release notes and documentation.
DLPe 9.3 is Managed Separately from DLPe 9.4 and DLPe 10 - different policy configuration tools, different Incident Manager tools, different Permission Sets, different Server Tasks, etc.
The DLPe 9.4 and DLPe 10.0 Clients are not backwards compatible with the 9.3 policies.
The DLPe 9.4 and DLPe 10.0 Policies are not backwards compatible with the 9.3 Clients.
Think of it as DLP OLD (9.3 and older) and DLP NEW (9.4 and newer including 10.0).
DLPe 10 replaces DLPe 9.4.
DLPe 10 and DLPe 9.4 do NOT replace DLPe 9.3.
Client with 9.3 managed by 9.3 Extension.
Client with 9.4 managed by 9.4 Extension or 10 Extension.
Client with 10.0 managed by 10.0 Extension.
There is a Server Task to migrate the 9.3 Policies to 9.4/10 Policies.
There is a Server Task to migrate the 9.3 Incidents to 9.4/10 Incident Manager.
I am only testing 9.4 and 10.0 - so the following statements keep that in mind.
I have had good luck with the Incident Migration Server Task - only improvement I could see is for the migration task to account for the change in severity labels between 9.3 and 9.4/10 (Warning and Minor swap meaning).
I would advise to NOT use the Policy Migration - start from scratch building policies and configurations in 9.4/10.0
I think 9.4 is pretty great - it is a a major change from 9.3.x - building policies and classifications are much easier and much more powerful.
I have not had any issues with Device Control - all our current controls in place with 9.3 I have validated work in 9.4 - and work as expected.
9.4 is a bit more complicated in some regards - Rules within Rule Sets and Rule Sets defined in Policies - but we have found these complexities to be benificial to more granularly manage our environment and expose protection to a wider audience because we can have more defined rules for certain populations.
My suggestion, treat 9.4 as a new product, and play around with it to get a good understanding on how it works.
The components of 9.3 that build out its policies do not map 1:1 with 9.4/10.0 - and that is a good thing.
The V10 release looks more like a 9.4.XXX to me.
For thew Policy and Event Migration 9.3 > 9.4 there is a good video which explains all steps:
If you have Version earlier 9.4.100 YOU will have to migrated the POLICYS. Follow that video on how to do that: McAfee DLPe 9.4 Patch 1 - Policy Conversion & Events Migration - YouTube
* If you have 9.4.200 and update to Version 10 this is like a smaller update (You don't have to Migrated anything again).
* Clients will NOT need to reboot if you Update Agent 9.4 > 10
Here you see an Update from 9.4.200 to Version 10 on EPO 5.3.1
think 9.4 is pretty great - it is a a major change from 9.3.x - building policies and classifications are much easier and much more powerful.
> Yes, because they reduced what the product does by 50%?
Aehm maybe check out Release Notes for V10...
• An issue with bluescreen on startup when McAfee DLP Endpoint client is installed has been resolved by changing the default driver from COM/LPT to USB. (1139833) • Evidence storage now works as expected — no evidence is stored when Store Evidence is not selected in the rule definition. (1139834) • The Product properties for the McAfee DLP Endpoint section on the McAfee ePO System Tree | Systems Information | Products page now displays all properties, not just Product Version, Language, and Hotfix/Patch Version. (1139835) • McAfee DLP event and properties parsing no longer affect McAfee ePO performance. The resolution involves filtering specific events that cause the problem.(1139843) • The McAfee DLP Endpoint client now goes offline when the computer is shut down. (1139845) • The McAfee DLP handler for Internet Explorer no longer times out when files are uploaded to a customer internal portal based on IBM ECM Filenet. This applies to Microsoft Edge and Mozilla Firefox browsers as well as Internet Explorer. (1139831) • The email discovery Previous Run Date displayed in System Tree | Product Properties is now correct. (1139837)
Hi bretzeli ... the BSOD in "1139833" was it just general? or did it give a specific error # and message about thread release that it didn't own?
"A thread tried to release a resource it did not own."
Stop error: 0x000000E3
Suddenly started getting that just after logging into pc.
Wanted to find out if that may have been caused by this issue.