cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
DavHio
Level 10
Report Inappropriate Content
Message 1 of 9
‎07-22-2020 05:18 AM

DLP 11.4 - Incident Manager Filtering problem

Jump to solution

Hello all,

A short story of my problem:

A few days ago, I discovered that both our DLP policies was unreadable out of a sudden.

When I clicked the Policy Catalog > Data Loss Prevention 11.4 > DLP Policy > "Our Policy" I got a blank page. 

When I clicked the Policy Catalog > Data Loss Prevention 11.4 > Windows Client Configuration > "Our Policy" I got a "An unexpected error occurred."

This was indeed extremely frustrating since we didn’t do any changes to the system.

Note!! The rules where still intact and was functioning.

Anyway, I re-created the broken policies based on McAfee Default, because our "My Default" was broken as well, with new names and submitted a change request to our customer to change the policy on 20K computers.

I started to assign the new policy to a smaller batch of computers to begin with.

Now, I wanted to go in to the DLP Incident Manager and create a filter on incidents for computers with that new policy.

Now to the problem. When adding the Policy Name in Filter Criteria’s a list box with available policy names pops up. In that list I cant find the newly created policy, but I do find the previous, broken policy name.

When I select View and add the column Policy Name to the view, that column shows "None" for computers with the new policy, and the correct policy name for computers with the previous, but broken policy name.

When I go in to System Tree, select one of the computers I assigned the new policy’s, I can see that the new policies in the View Assigned Policies for that computer is assigned correct.

ePO 5.9.1

DLP Endpoint version: 11.4.0.452 

DLP Extension version: 11.4.0.17

Would appreciate any help!

0 Kudos
Reply
1 Solution

Accepted Solutions
jsubbura
Employee
Employee
Report Inappropriate Content
Message 8 of 9
‎07-23-2020 06:21 AM

Re: DLP 11.4 - Incident Manager Filtering problem

Jump to solution

Hi @DavHio ,

This is a bug in DLP 11.4 version and this is fixed in DLP 11.4.200 version.

You can get the DLP 11.4.200 RTS package to test in your test environment or you can wait for the General Availability of DLP 11.4.200 RTW package in the product download site.

In the Release notes of DLP 11.4.200 you can see the below,

"Fixed an issue with the McAfee DLP policy name reporting in the DLP Incident Manager."

to obtain the RTS package we advise you to raise a support case with McAfee Support so that the RTS package can be shared over the Service Portal to you.

 

Thank you.

Regards,
Jithendran S
Trellix Employee

View solution in original post

Reply
8 Replies
tucker84
Level 10
Report Inappropriate Content
Message 2 of 9
‎07-22-2020 10:23 AM

Re: DLP 11.4 - Incident Manager Filtering problem

Jump to solution

Have you rebooted the ePO server? 

What web browser are you using to access ePO? Try a different one. I've seen unknown errors just based on the browser. Since the policy appears fine it might the issue.

Reply
DavHio
Level 10
Report Inappropriate Content
Message 3 of 9
‎07-22-2020 11:58 PM

Re: DLP 11.4 - Incident Manager Filtering problem

Jump to solution

Hello, Thanks for the reply!

I tried Chrome and IE and none worked... No I didnt reboot the ePO Server. I can try doing that.

 

0 Kudos
Reply
DavHio
Level 10
Report Inappropriate Content
Message 4 of 9
‎07-23-2020 12:31 AM

Re: DLP 11.4 - Incident Manager Filtering problem

Jump to solution

Reboot didnt resolve the problem

0 Kudos
Reply
jsubbura
Employee
Employee
Report Inappropriate Content
Message 5 of 9
‎07-23-2020 01:38 AM

Re: DLP 11.4 - Incident Manager Filtering problem

Jump to solution

Hi @DavHio ,

Thank you for writing in here.

Question: 

Now, I wanted to go in to the DLP Incident Manager and create a filter on incidents for computers with that new policy.

Now to the problem. When adding the Policy Name in Filter Criteria’s a list box with available policy names pops up. In that list I cant find the newly created policy, but I do find the previous, broken policy name.

Suggestion: 

Are the Incidents generated from the client machine with the New Policy assigned? DLP Incident Manager will only have the Policy Names for which the Incidents were generated from the client machines.

 

Thank you.

 

Regards,
Jithendran S
Trellix Employee
Reply
DavHio
Level 10
Report Inappropriate Content
Message 6 of 9
‎07-23-2020 01:48 AM

Re: DLP 11.4 - Incident Manager Filtering problem

Jump to solution

Are the Incidents generated from the client machine with the New Policy assigned?
A. Yes

DLP Incident Manager will only have the Policy Names for which the Incidents were generated from the client machines.
A. Yes it shoud but is not.

0 Kudos
Reply
DavHio
Level 10
Report Inappropriate Content
Message 7 of 9
‎07-23-2020 02:04 AM

Re: DLP 11.4 - Incident Manager Filtering problem

Jump to solution

Old Policy name FJ_DLP_Policy_590 and FJ_Windows_Client_Configuration_590

New Policy name FJ_DLP_Policy-2020 and FJ_Windows_Client_Configuration_2020

Policy Assignment for one of the systems that got the new policies
1.PNG

Active Rule Sets for that policy
2.PNG

Systems with new policy assigned display None in the Policy Name column

3.PNG

New policy name is not available in the filter available values

4.PNG

 

0 Kudos
Reply
jsubbura
Employee
Employee
Report Inappropriate Content
Message 8 of 9
‎07-23-2020 06:21 AM

Re: DLP 11.4 - Incident Manager Filtering problem

Jump to solution

Hi @DavHio ,

This is a bug in DLP 11.4 version and this is fixed in DLP 11.4.200 version.

You can get the DLP 11.4.200 RTS package to test in your test environment or you can wait for the General Availability of DLP 11.4.200 RTW package in the product download site.

In the Release notes of DLP 11.4.200 you can see the below,

"Fixed an issue with the McAfee DLP policy name reporting in the DLP Incident Manager."

to obtain the RTS package we advise you to raise a support case with McAfee Support so that the RTS package can be shared over the Service Portal to you.

 

Thank you.

Regards,
Jithendran S
Trellix Employee
Reply
DavHio
Level 10
Report Inappropriate Content
Message 9 of 9
‎07-23-2020 06:49 AM

Re: DLP 11.4 - Incident Manager Filtering problem

Jump to solution

Thanks for the answer! Really appriciated!

Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC