Mcafee HDLP (HOST DATA LOSS PREVENTION) Reporting for USB activity by serverku

Here are instructions for EPO 4.5 (may differ slightly for EPO 4.0):

1. Logon to ePO console
2. Navigate to Menu | Reporting | Queries
3. Click New Query
4. Select Others for Feature Group and DLP Events for Result Types | Next
5. Select Table | Next
6. Remove all of the selected columns and add the following*:
   • Computer Name
   • User Name
   • Destination
   • Evidence Type
   • Evidence value
7. Click Next
8. Add the filter Event Type | Equals | DLP: Removable Storage Protection
9. Click Run and confirm you have the results you are looking for. If so click Save | Give the report a name and select a group to store it in | Click Save.

* You may want different columns these are just the ones that made sense to me given what you wish to query. The actual file name will be stored in the Evidence value column.