Channel: Symantec Connect - Products - Discussions

Symantec DLP keywords match from a db table

I need a solution

We have a use case where we need to update a set of keywords daily for a policy. Instead of updating the policy, we want to have keywords added in a database table and update that table?

Please share your thoughts and options other than manual updating keywords in a policy.

Thanks

Aadi


DLP Oracle: How to see current value for Oracle RAM?

Severity Levels Always High - Not Setting Properly

I need a solution

Hi, I was wondering if anyone else ran into this problem or if you could point out what I'm doing wrong.

I've been building some policies in my test system, and am building the policy with the following severity levels:

Default: "Info"

Set Severity: "High" - When Match Count: "Is Greater Than or Equals" - "100" matches

Set Severity: "Medium" - When Match Count: "Is Is Between" - "50" to "99" matches

Set Severity: "Low" - When Match Count: "Is Is Between" - "10" to "24" matches

There is a response rule in place to log to a syslog server regardless of classification level.

Symptom: Incidents are generated, but even if the incidents have only two or three hits they are marked as "High".

Any advice on where things are misconfigured?


Can the DLP endpoint agent monitor Rightfax clients by exe?

I need a solution

Wondering if it's possible to monitor an endpoint using application monitoring on a Rightfax client in order to see the transmission of the fax request (or attachment upload) to the server that will conduct the actual fax transfer? Our client install path refers to 2 exe's and I wasn't sure which would need to be monitored so I tried both. Neither caught the test faxes (I have all channels in the Application Monitor App for those applications checked in case it was print/fax or app mon that caught it). Agent Group I'm in for testing purposes has all channels turned on as well.

If the server is doing the actual action of the fax it makes sense that I can't see the web initiated faxes (except over https) as they're performed solely on the server side, but since most of my users leverage the endpoint client I was hoping DLP could see the initiation. Should that theoretically work or is the action still server side?

Ian


EDPA service randomly stops

I need a solution

Hello,

We've been having issues where the EDPA agent randomly stops on machines. We use the clean utility then reinstall, but every month we have random machines with the service stopping (same machines not necessarily repeating the stopped service).

Anyone else encounter this?


DLP Storage: Scan MS SQL database failed

I need a solution

Error as below:

Failed to read sqlserver://IP:1433/DLP_Poc;instance=hostname; error: Unable to create a database connection: Unable to create connection: jdbc:jtds:sqlserver://IP:1433/DLP_Poc;instance=hostname Reason: Login failed for user 'hostname\Administrator'..

What id/access does DLP actually need to scan a database?

We've tried to adjust the syntax @ credentials... but it keeps failing... hmm


DLP Exception as variable

I need a solution

Dears,

We have a use case where we need to make sure that an email is being sent to the right recipient only.

Therefore, I wanted to add a detection exception searching for the recipient email in the attachment content.

Is it possible to advise if this is feasible with Symantec DLP platform?

In addition, any turn arounds that can cover this use case on Symantec DLP are welcomed.

Regards,

Joseph.


Forced Symantec Extension pushed by my company's administrators into Chrome desktop app

I need a solution

Hello,

I wonder what kind of browsing history it reads. The thing is, I'm signing in to Chrome with my personal Google Account, so as many of you know who use Google services of course etc, we have access to all kinds of synced browsing history from the remaining devices with that Google account used wherever we sign in.

So, having that said... this extension, does it have access only to what I surf on this station, or, it can access that pulled browsing history from the rest of the devices respectively from the Google servers? I like to think it can't, because otherwise it would need proper access to my account which I need to approve first from my account settings.

Many thanks and sorry if this is the wrong place to ask this kind of question.


Solution needed for Skype - Usecases

I need a solution

Hello,

I need to check data transfer on Skype and other instant messaging through Endpoint DLP.

At this moment we are discussing Skype only and have 3 use cases.

  1. File transfer
  2. Keyword detection while Typing
  3. Keyword detection for copy/paste

My working so far:

Skype Application Monitoring is already enabled.

Policy created for Keyword detection – File Transfer is being detected and blocked for this policy   

Another policy created for Endpoint Protocol (Application Access)

For 'Keyword detection while Typing', I have been informed that it won't work. 

Need your usual support to fulfill these use cases.

Best Regards,

Atif


Built-in certs being used, despite custom certs implemented

I need a solution

Hi, 

I'm a consultant trying to help a customer with their DLP upgrade and I'm on the clock here. Here's the problem I'm stuck on.

We are upgrading from DLP 15.0 to 15.1 and Oracle 11g to 12c (3-tier). The upgrade has gone without any problems so far. We are in the post upgrade process, but before implementing secure communication with the Oracle Database, we found that Enforce (installed on the D: drive) to Network Protect (installed on C: drive) servers were using built-in certs. There are no other hosts using DLP at the moment.

When creating certs using sslkeytool, I followed the procedure in DLP 15.1 Install guide, pages 58-60. After transfer of the certs to the keystores on the Enforce and Network Prevent servers, I restarted the services (mentioned on page 60). The Event logs on the Enforce server still warn about Built-in certs being used.

I have done this procedure before without any problems, in lab-environment, both on a new DLP 15.0 installation and on an upgrade to 15.1 installation (2-tier).

I tried the procedure two times and also a full reboot of the Windows 2012 R2 servers hosting Enforce and Network Prevent.
I tried the solution for issue 4180347 mentioned in 15.1 Release notes. The result seems to be that the NP server uses the new cert, but Enforce still uses the built-in cert. Connection between the servers is then broken, according to Overview in Enforce.

Anyone know of this issue or have any suggestions on how to proceed with troubleshooting?

Regards, 

Rikard


Error database data initialisation : SingleTierServer

I need a solution

Hello,

I'm actually trying to perform an install of Symantec DLP 15.1 on a Windows Server 2016.

I followed the installation guide but when I try to install the SingleTierServer (or just the Enforce), there is a java error during the initialisation of the database :  Error initializing database data : Java process returned exit code -1.(See : error install.png)

I checked the known issues in the release notes but they do not match the problem (I don't have any strange path, password, I use default path,...) and did not find a similar issue on the forum.

Did anyone get this error at some point and know how to solve it?

I attached the log created from the installation.


DLP Agent 15.1 configure flexresponse Error "PGPsdk.dll is missing"

I need a solution

Hi all

I have an issue installing the FlexResponse integration with Symantec Endpoint Encryption, after I try to install FlexResponse on Windows 10 DLP Agent 15.1.

The error shows the message "PGPsdk.dll is missing". How to resolve the issue?


Symantec DLP Database Server Crashed || How to Recover || Three Tier Installation

I need a solution

Hi Everyone,

I have a three tier installation running Symantec DLP 15.0 in a three tier architecture.

The agents are already installed on endpoints and communicating with detection servers.

Unfortunately, the database server has crashed and so I am unable to connect to the Enforce server.

Could anyone please help me with how to recover the Oracle database, as the database has been installed on D Drive so all the files exist from the existing configuration.

Regards

Akshay


Symantec DLP 15.0 on RHEL 7.4 (Stuck at Login after Reboot)

I need a solution

Hi All,

There is an environment of Symantec DLP 15.0 wherein the Enforce Server is installed on RHEL 7.4. It has been running successfully for a while after upgradation. However due to some issue this machine was rebooted and then subsequently, it fails at systemctl status systemd-logind.service with Failed to Login Service failure.

Assuming this to be an issue with the machine, various steps were attempted after reading articles such as https://unix.stackexchange.com/questions/321038/cannot-login-failed-to-start-login-service. However the machine was not able to be run successfully.

So, a new machine with RHEL 7.4 was setup (VM) and Enforce Server was installed on it using the EnforceReinstallationResources(config and keystore folders) method and here an issue was encountered "Failed to encrypt the password file" which was resolved using https://www.symantec.com/connect/articles/symantec-enforce-recovery-reinstall tips. 

Running the Enforce Server, was able to access the Login Screen for DLP. The AD Integration was not showing so tried installing the relevant packages krb5 etc and then rebooted the machine.

So unfortunately, this new machine got stuck at the login as well and shows "Failed to Login Service Failure".

Is this an issue with RHEL 7.4 ? 

Kind regards


DLP 14 Shrink Database

I need a solution

Hi all

How to shrink database 11g on DLP version 14.0?

I want a script file to run on the Oracle database.


DLP Endpoint Agent alerting for incoming emails/attachments

I need a solution

Hello All,

I know this is kind of a weird question, mostly because the idea of DLP is to prevent sensitive data from leaving the enterprise network/system.

But, I have been asked to check the feasibility of implementing a policy which looks at incoming emails and their attachments for PII/PCI data and alerts on it.

Protocol and endpoint monitoring does that for outgoing SMTP/HTTP traffic but I am not sure how can we tune this to look the other way around. 

Any suggestions? 


Mismatch in Severities and Potential Cause

I need a solution

Hello,

Just wanted to get some expert advice as to why one would see an occasional mismatch in severities for a particular policy or group of policies across one or more vectors. We have applied best practices for our clients and have an established severity matrix. I think there have been some potential issues with this in the past and even now for some folks. During the content extraction process is the severity level applied immediately?


Install DLP agent error message action:DecryptFile():'C:\User\ADMIN-1\AppData\Lacal\Temp\filename.ead'failed,Error : 87 --result: The parameter is incorrect.

I need a solution

DLP version 15.0, I tried to install with local admin and all user but same error message, Please suggest solutions for this issue, Can see attachment.


Double pop triggering - Gmail

I need a solution

Hi Everyone, 

When we are uploading a file in Gmail through Google Chrome Browser, I am getting a double pop up (if there is policy violation). How can I avoid the double up?

Madhukar


Can HTTPS be monitored with Network Monitor 15.1?

I need a solution

Hi,

I have 2 Network Monitor 15.1 detection servers on 2 different core switches, but when checking the incidents, HTTPS incidents are generated without having the HTTPS protocol enabled. Can someone explain to me why it generates this type of incident, or whether in this new version Network Monitor already detects encrypted HTTPS traffic natively?

Thanks and regards.
