Wednesday, April 24, 2013

Solved: McAfee Host Data Loss Prevention Missing "RUN CLIENT TASK" option in Server Task





When we create a new query for DLP and then create a server task to, for example, deploy DLP agents on systems that have a particular tag, we need to do the following:

1. Create a Query to filter machines with specific tag
2. Create Server task and select the query created in the first step
3. In Sub-Action select RUN CLIENT TASK NOW option to deploy DLP agents.

However, we observed that only 3 options were showing instead of the many options that should have been present.

We figured out that the option was missing, as shown in the first figure. We did a lot of testing, creating multiple queries, and thanks to Mark from McAfee DLP we were able to find out the cause.

SOLUTION

The RUN CLIENT TASK NOW option and many other options will only show when, while creating the query, we select the Chart Type as "TABLE".

We selected this option for the chart type and were able to see the RUN CLIENT TASK NOW option.

Deleting Events in McAfee Host Data Loss Prevention (HDLP)

How to Delete Events in McAfee Host Data Loss Prevention (HDLP)

1. Go to DLP Policy Manager



To verify that the events have been deleted, I am running the manually created client task that checks for violations of the Email Protection Rule.

There were many events coming up; after flushing the McAfee DLP events as shown above, the entries were flushed.


Wednesday, April 10, 2013

How to uninstall Host Data Loss Prevention agent without using a challenge code

The solution has been taken from the McAfee site:

 https://kc.mcafee.com/corporate/index?page=content&id=KB69151&cat=CORP_DATA_LOSS_PREVENTION_HOST&actp=LIST



Problem

Unable to uninstall Host Data Loss Prevention (Host DLP) when the Management Console has been deleted or is unavailable to provide a challenge code.

Solution

As designed, you cannot remove the Host DLP agent without the challenge key provided from the console unless the administrator has disabled the uninstall challenge-response mechanism in the policy. This is provided so that unauthorized users cannot remove the Host DLP agent unless the administrator explicitly configures the policy to allow it.

To configure the policy to allow unchallenged uninstalls:
  1. Log on to the ePO 4.x console.
  2. Click Menu | Data Protection | DLP Policy.
  3. Set the Show Challenge-Response on uninstall option to Disable under the Advanced Configuration tab in the policy.

Workaround

Uninstall the agent through an ePO task on the affected computers:
  1. Log on to the ePO 4.5 console.
  2. Click System Tree.
  3. Create a new subgroup:
    1. Click System Tree Actions | New Subgroup.
    2. Type a name for the group, and click OK.
    3. Select the affected computers.
    4. Click Actions | Directory Management | Move Systems.
  4. Select the newly created group and click OK.
  5. Create a new client task:
    1. Click the Client Tasks tab.
    2. Click New Task under Actions.
    3. In the Name field, type a name for the task (for example, Remove DLP Agent).
    4. In the Type field, select Product Deployment, and click Next.
    5. In the Products and Components field, select Data Loss Prevention 9.0.0.
    6. In the Action field, select Uninstall, and click Next.
    7. Click Next.
  6. Change the Schedule Type to Run immediately, and click Next.

    NOTE: The task is scheduled for the next time the McAfee Agent updates the policy. To force the installation to take place immediately, send an agent wake-up call.
     
  7. After the task has completed, restart the affected computers.

How to auto Sync Active Directory with McAfee ePO 4.6


To auto-sync Active Directory with McAfee ePO 4.6, so that new systems added to AD are replicated in McAfee ePO as soon as they are added and policies can be applied accordingly, we need to create a server task. Please follow the screenshots.







How to auto Deploy McAfee ePO 4.6 agents on Windows machines


To auto-deploy McAfee ePO 4.6 agents on Windows machines, we need to create a server task. Please follow the screenshots.










Tuesday, April 9, 2013

How To Setup McAfee Agent Handler


Please see the following snapshot. In a Windows environment, Agent Handler can only be installed on Windows Server 2003 SP 2 and Windows Server 2008.


The Agent Handler setup can be found in the McAfee ePO setup.





Setup will ask for the details of your ePO server and its administrator password.



After installation is completed, the Agent Handler will be visible in your ePO server's System Tree automatically.


Make a new subgroup in System and name it according to your needs (e.g. department name, location, etc.). This group will contain the systems that will communicate directly with the Agent Handler.


To see the Agent Handler configuration, assignments and priorities, please follow the snapshot below.
Go to Menu, then Configuration, and click Agent Handlers.
  



On the Agent Handlers page, click New Assignment to create a new assignment rule so that the systems that need to communicate with Agent Handlers can be reached. This also helps the Agent Handler to service the mentioned subnets or clients.


When you click the New Assignment tab, the following window will appear, where you can give the details, configure your assignment rule and customize your handler priority.


Click on Policy Catalog to create the policy that allows the desired agents to communicate with the Agent Handler but not with the ePO server. To create the policy, duplicate the existing My Default policy from the McAfee Agent policies and name it as you want.


Click to edit Policy.





Add the desired systems to the specific group to which the Agent Handler policy needs to be applied.


Do the following steps to change the policy assignment. Assign to the group the policy that was created, so that the desired systems can communicate with the Agent Handler.



Agent Handler installation and configuration is now complete. Next we have to verify that only the desired systems are communicating with the Agent Handler. To do this, we can perform the following steps on a host with the agent.

From the snapshots above we can verify that the desired agents are communicating with the Agent Handler. To check the communication of other agents with the ePO server, we can perform the following steps. Do not get confused by the properties of the McAfee agent. Run the update process to verify communication.


Important ports that are needed for the Agent Handler's outbound and bi-directional communication.
The Agent Handler ports have been taken from the official McAfee KnowledgeBase.

The official McAfee Agent Handler white paper can be viewed as a reference.

Wednesday, April 3, 2013

How to setup McAfee DLP email protection


McAfee DLP email protection

How to configure McAfee DLP email protection

To configure McAfee DLP email protection you must first configure your tags.

After you've configured tags, you can configure email protection. How do you do that? See below for the step-by-step McAfee DLP email protection configuration.

Step 1 to configure McAfee DLP email protection
Log on to your ePO and go to DLP Policy, click Add New from the menu and click Email Protection Rule, as in fig-1.
Fig-1: McAfee DLP email protection




Step 2 to configure McAfee DLP email protection
Right-click the email protection rule that you created and, in the Email Destination field, type the name of the rule; in my case, “out of company”. Select the email destination field, uncheck the box for “your company” and check the box for “Other email domain”.
Fig-2: McAfee DLP email protection







Step 3 to configure McAfee DLP email protection
After this, click Next until the image displayed is like the one in fig-3. Here you must assign a tag (for example, suppose we have Internal Use documents). After creating the tag Internal Use, we must assign this tag to our rule, as in fig-3.
Fig-3: McAfee DLP email protection







Step 4 to configure McAfee DLP email protection
In fig-4 you must assign a reaction. Reactions can be: block, monitor, notify user, request justification and store evidence. Which reaction you assign depends on what you want. You can combine reactions.
Fig-4: McAfee DLP email protection







Step 5 to configure McAfee DLP email protection
After that, you must assign this rule to “group members” or to a “specific user”.
Fig-5: McAfee DLP email protection







This is how you configure McAfee DLP email protection.

McAfee HDLP (Host Data Loss Prevention) Reporting for USB activity



Here are instructions for ePO 4.5 (may differ slightly for ePO 4.0):


  1. Log on to the ePO console
  2. Navigate to Menu | Reporting | Queries
  3. Click New Query
  4. Select Others for Feature Group and DLP Events for Result Types | Next
  5. Select Table | Next
  6. Remove all of the selected columns and add the following*:
    • Computer Name
    • User Name
    • Destination
    • Evidence Type
    • Evidence value
  7. Click Next
  8. Add the filter Event Type | Equals | DLP: Removable Storage Protection
  9. Click Run and confirm you have the results you are looking for. If so click Save | Give the report a name and select a group to store it in | Click Save.

* You may want different columns; these are just the ones that made sense to me given what you wish to query. The actual file name will be stored in the Evidence value column.
