3 Replies Latest reply on Mar 10, 2017 3:22 PM by nicholas.klebs

    DLP 10, USB pop-up question

    meciar

      We are testing out DLP 10 and I decided to try turning off the user notification (i.e., not have any pop-up display when a USB device is plugged in). But I left the Report incident button checked off like this:

      After I turned off the user notification, no incidents were logged either locally on the systems or to ePO. Is this expected behavior? I was hoping to first 'silently' collect information about what external devices are being plugged into systems and then when we start performing actions (i.e., block) then we would notify users.

        • 1. Re: DLP 10, USB pop-up question
          hhoang

          Correct, that configuration should silently monitor whatever devices you have configured to trigger. You may want to double check that the client system you are testing with has the correct policy/policy revision and that the device you are testing with meets the criteria for the rule. If you enable debug logging it will also report exactly how DLP is seeing the device and what reaction it is taking based on the policy it is enforcing locally. Logs are here if you are not familiar with them:

          c:\programdata\mcafee\dlp\temp\logs

          • 2. Re: DLP 10, USB pop-up question
            nicholas.klebs

            I think I am observing the same issue/behavior - did you find a resolution or any further information on this?

            • 3. Re: DLP 10, USB pop-up question
              nicholas.klebs

              My issue turned out to be a Device Definition issue that I am opening an SR about - Device Rule containing a Device Definition defined by Property “USB (VID/PID Codes)” with VID and Description defined, but PID not defined - causes DLPe to crash and Device Control doesn't work until the watchdog service restarts DLPe.