Drive Encryption communication architecture
Last Modified: 2024-01-06 09:40:26 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Drive Encryption communication architecture
Technical Articles ID:
KB71865
Last Modified: 2024-01-06 09:40:26 Etc/GMT Environment
Drive Encryption (DE) 7.x For environment information, see KB79422 - Supported platforms for Drive Encryption 7.x. SummaryThe table below shows the communication architecture for DE.
Delivery of client-server messages causes perceived policy enforcement slowdown or failure
One of the major changes in communication architecture is that most client-server messages are now sent using the ePO Event mechanism. DE relies solely on McAfee Agent (MA) to send its Events to the Agent Handler. Often, there can be a delay between DE creating an Event and passing it to MA and MA sending the Event up to the Agent Handler. This sequence of events can lead to the perception that nothing is happening on the client. But, DE is simply waiting for MA to dispatch its Events. When the Event is dispatched, the DE policy enforcement process continues.Because of this delay, the DE policy enforcement can continue after the MA status monitor reports that MA policy enforcement is complete. Unlike other Trellix-managed products, DE requires a complex sequence of client-server communications. This sequence is needed to request the user data before policy enforcement can be completed. The current policy enforcement state of DE is visible in the Drive Encryption Status Monitor on the client. When policy enforcement is complete, the status monitor shows "Policy enforcement complete." If the status displays a message similar to "Created get all users event," an Event is waiting to be sent up to the Agent Handler. Clicking Send Events from the McAfee Agent Status Monitor window sends the event immediately. Tip: If activation appears to have halted or policies have failed to be enforced, click Send Events from the McAfee Agent Status Monitor window. DE/ePO Architecture In the following diagrams:
NOTE: DE was formerly known as Endpoint Encryption for PC (EEPC). The diagram below shows references to EEPC but applies to DE.
Upstream ![]() Downstream ![]() Affected ProductsLanguages:This article is available in the following languages: |
|