Hi everybody,
I am new on this and already spent some time looking for a incident report that includes all technologies (Network, Endpoint, Discover, App, etc).
It is possible? Because all options I saw are separtly.
Thanks for your help.
Hello guys
So, I upgraded a DLP 15.0 system (single-tier) to 15.1.
15.0 has been installed in D:\SymantecDLP
The upgrade to 15.1 confused me completely. So 15.1 is now installed into D:\DLP
It is working, 15.1 is running smoothly.
BUT
Since the new system runs now out of the new folder structure, why do I still have the old "SymantecDLP" folders on my system? Can I delete this stuff?
The services are not called VontuXYZ anymore, so nothing is probably being used out of the old folders - or am I completely wrong?
Where is the Monitor Controller service gone?
How are the binaries now distributed in the folder structure?
Don't get me wrong, I am fine with it, but I could not find anything of relevance while searching. Upgrade guide? Meh. Admin guide? Nope.
If anyone could help me understanding, thanks in advance.
PS: Oh, before I forget - How is it possible to customize the standard, fancy dashboard?
I was trying to create a TAT report for the status of incidents but found that there is no automated report to extract the same. I wanted to know how this can be done usign the SQL queires or any other method.
i have custom data identifiers as a REGEX (about 85 different ones).
i have a test file which will make the regex for 5 different syntax 5 times each, but only one synatx will register 1 time, it doesnt match the duplicates.
has anyone else had this issue? what am i missing?
Hi,
I'm trying to deploy Symantec DLP 15.1 Agent on Endpoints via SCCM however this is failing. (Manual installation via cmd is successful)
Is there any way the SEP 14 Client (already installed) on the Endpoint can be interfering with the installation ? (I've also added exclusions to the DLP Agent Directory Program Files/Manufacturer/Endpoint Agent in the SEPM)
Kind regards
How do I define a user on DLP version 14 with no editing option (read-only)?
I was reading the "what's New" for DLP v15.5 and see they added a Data Identifier for Canadian Drivers License. If somoene using/POCing this version could you please copy and paste the patterns used into a reply? I'd like to see what Symantec is using compared to what I have.
Thanks in advance.
Hello
In the last several months, laptops that contain DLP Endpoint agent 14.6MP2 have been experiencing delays when moved via SMB from the local machine to remote file shares. The screen will display a file transfer screen and say "Calculating" up to several minutes. The larger the file, the longer the calculating lead time before an actual copy will begin. The "Calculating" and "file transfer" times seem to be about the same too.
When extracting logs at FINEST level, I see messages similar to below:
"INFO | FileSystem.FileUtilityService | Resolving access to file \\server\share\file.zip took longer than expected (elapsed interval 330 secs vs expected interval 30 secs)"
On the DLP Enforce Console, when I disable the agent, files will transfer quickly without issue.
Any ideas on what that log entry may indicate?
Thanks
We have experienced problems with the auto-upgrade method in the past (from 14.0 to 14.6, then 14.6MP2). We have been forced to upgrade manually, which is time consuming.
Have users on this forum had successful, large scale auto-upgrades go ok? We are considering trying this again from 14.6MP2 to 15.1, then 15.1MP1 (100+ detection servers, 1 enforce, 1 oracle)
Thanks
1) i am trying to implement policy which can help me to send specific document to only that appropriate domain. for example, document A belongs to company A. if user send document A to company B then it should block.
2) looking for list of public blacklisted domain
Please help me to resolve this problem
Hi All,
I've recently prepared a fresh lab for DLP 15.1. This was a two-tier deployment on workgroup machines. A virtual machine running windows server 2012 r2 was setup on which Oracle 12c was installed and the Listener and Local Net Service name was configured using the IP address of the virtual machine as the host name value.
Successfully created the database and when creating the oracle user for symantec dlp there was an issue where it was not finding the listener so this was resolved by editing the hosts file in etc to map the IP to hostname.
Now, the issue being faced in that after installing the Enforce when trying to access the web console i'm facing this error message,
HTTP Status 500 - Servlet.init() for servlet springmvc threw exception
The contents of the tomcat localhost log file,
06 Jan 2019 18:33:04,409- Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ocrThumbnailController' defined in URL [jar:file:/C:/Program%20Files/Symantec/Data%20Loss%20Prevention/Enforce%20Server/15.1/Protect/tomcat/webapps/ProtectManager/WEB-INF/lib/manager.jar!/com/vontu/manager/report/OcrThumbnailController.class]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vontu.manager.report.OcrThumbnailController]: Constructor threw exception; nested exception is java.lang.UnsatisfiedLinkError: C:\Program Files\Symantec\Data Loss Prevention\Server Platform Common\15.1\Protect\lib\native\ImageUtilitiesJNI.dll: Can't find dependent libraries
06 Jan 2019 18:33:04,428- Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ocrThumbnailController' defined in URL [jar:file:/C:/Program%20Files/Symantec/Data%20Loss%20Prevention/Enforce%20Server/15.1/Protect/tomcat/webapps/ProtectManager/WEB-INF/lib/manager.jar!/com/vontu/manager/report/OcrThumbnailController.class]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vontu.manager.report.OcrThumbnailController]: Constructor threw exception; nested exception is java.lang.UnsatisfiedLinkError: C:\Program Files\Symantec\Data Loss Prevention\Server Platform Common\15.1\Protect\lib\native\ImageUtilitiesJNI.dll: Can't find dependent libraries
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1105)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1050)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:776)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:861)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:541)
at org.springframework.web.servlet.FrameworkServlet.configureAndRefreshWebApplicationContext(FrameworkServlet.java:668)
at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:634)
at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:682)
at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:553)
at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:494)
at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:136)
at javax.servlet.GenericServlet.init(GenericServlet.java:158)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:293)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:290)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:325)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:176)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1215)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1140)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1027)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5037)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5347)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:753)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:131)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:153)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:727)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1126)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1868)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vontu.manager.report.OcrThumbnailController]: Constructor threw exception; nested exception is java.lang.UnsatisfiedLinkError: C:\Program Files\Symantec\Data Loss Prevention\Server Platform Common\15.1\Protect\lib\native\ImageUtilitiesJNI.dll: Can't find dependent libraries
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:154)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:89)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$4.run(AbstractAutowireCapableBeanFactory.java:1093)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1090)
... 48 more
Caused by: java.lang.UnsatisfiedLinkError: C:\Program Files\Symantec\Data Loss Prevention\Server Platform Common\15.1\Protect\lib\native\ImageUtilitiesJNI.dll: Can't find dependent libraries
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1941)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1857)
at java.lang.Runtime.loadLibrary0(Runtime.java:870)
at java.lang.System.loadLibrary(System.java:1122)
at com.symantec.dlp.imagematching.imageutilities.jni.ImageUtilities.<init>(ImageUtilities.java:12)
at com.vontu.manager.report.OcrThumbnailController.<init>(OcrThumbnailController.java:65)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:142)
... 52 more
06 Jan 2019 18:33:04,437- StandardWrapper.Throwable
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ocrThumbnailController' defined in URL [jar:file:/C:/Program%20Files/Symantec/Data%20Loss%20Prevention/Enforce%20Server/15.1/Protect/tomcat/webapps/ProtectManager/WEB-INF/lib/manager.jar!/com/vontu/manager/report/OcrThumbnailController.class]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vontu.manager.report.OcrThumbnailController]: Constructor threw exception; nested exception is java.lang.UnsatisfiedLinkError: C:\Program Files\Symantec\Data Loss Prevention\Server Platform Common\15.1\Protect\lib\native\ImageUtilitiesJNI.dll: Can't find dependent libraries
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1105)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1050)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:776)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:861)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:541)
at org.springframework.web.servlet.FrameworkServlet.configureAndRefreshWebApplicationContext(FrameworkServlet.java:668)
at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:634)
at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:682)
at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:553)
at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:494)
at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:136)
at javax.servlet.GenericServlet.init(GenericServlet.java:158)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:293)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:290)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:325)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:176)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1215)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1140)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1027)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5037)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5347)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:753)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:131)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:153)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:727)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1126)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1868)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vontu.manager.report.OcrThumbnailController]: Constructor threw exception; nested exception is java.lang.UnsatisfiedLinkError: C:\Program Files\Symantec\Data Loss Prevention\Server Platform Common\15.1\Protect\lib\native\ImageUtilitiesJNI.dll: Can't find dependent libraries
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:154)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:89)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$4.run(AbstractAutowireCapableBeanFactory.java:1093)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1090)
... 48 more
Caused by: java.lang.UnsatisfiedLinkError: C:\Program Files\Symantec\Data Loss Prevention\Server Platform Common\15.1\Protect\lib\native\ImageUtilitiesJNI.dll: Can't find dependent libraries
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1941)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1857)
at java.lang.Runtime.loadLibrary0(Runtime.java:870)
at java.lang.System.loadLibrary(System.java:1122)
at com.symantec.dlp.imagematching.imageutilities.jni.ImageUtilities.<init>(ImageUtilities.java:12)
at com.vontu.manager.report.OcrThumbnailController.<init>(OcrThumbnailController.java:65)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:142)
... 52 more
06 Jan 2019 18:33:04,439- Servlet [springmvc] in web application [/ProtectManager] threw load() exception
java.lang.UnsatisfiedLinkError: C:\Program Files\Symantec\Data Loss Prevention\Server Platform Common\15.1\Protect\lib\native\ImageUtilitiesJNI.dll: Can't find dependent libraries
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1941)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1857)
at java.lang.Runtime.loadLibrary0(Runtime.java:870)
at java.lang.System.loadLibrary(System.java:1122)
at com.symantec.dlp.imagematching.imageutilities.jni.ImageUtilities.<init>(ImageUtilities.java:12)
at com.vontu.manager.report.OcrThumbnailController.<init>(OcrThumbnailController.java:65)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:142)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:89)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$4.run(AbstractAutowireCapableBeanFactory.java:1093)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1090)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1050)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:776)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:861)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:541)
at org.springframework.web.servlet.FrameworkServlet.configureAndRefreshWebApplicationContext(FrameworkServlet.java:668)
at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:634)
at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:682)
at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:553)
at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:494)
at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:136)
at javax.servlet.GenericServlet.init(GenericServlet.java:158)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:293)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:290)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:325)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:176)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1215)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1140)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1027)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5037)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5347)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:753)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:131)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:153)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:727)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1126)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1868)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
06 Jan 2019 18:33:04,539- Thread: 19 INFO [com.sun.jersey.api.core.PackagesResourceConfig] Scanning for root resource and provider classes in the packages:
com.vontu.enforcewebservices.domain.responserules.resources
com.vontu.enforcewebservices.config.exceptionmapper
06 Jan 2019 18:33:04,639- Thread: 19 INFO [com.sun.jersey.api.core.ScanningResourceConfig] Root resource classes found:
class com.vontu.enforcewebservices.domain.responserules.resources.ResponseRulesResource
06 Jan 2019 18:33:04,639- Thread: 19 INFO [com.sun.jersey.api.core.ScanningResourceConfig] Provider classes found:
class com.vontu.enforcewebservices.config.exceptionmapper.ResponseRuleExecutionServiceConfigurationExceptionMapper
class com.vontu.enforcewebservices.config.exceptionmapper.BadRequestExceptionMapper
class com.vontu.enforcewebservices.config.exceptionmapper.JsonProcessingExceptionMapper
class com.vontu.enforcewebservices.config.exceptionmapper.InternalServerExceptionMapper
class com.vontu.enforcewebservices.config.exceptionmapper.EOFExceptionMapper
class com.vontu.enforcewebservices.config.exceptionmapper.RequestParamExceptionMapper
class com.vontu.enforcewebservices.config.exceptionmapper.BaseExceptionMapper
class com.vontu.enforcewebservices.config.exceptionmapper.NotFoundExceptionMapper
class com.vontu.enforcewebservices.config.exceptionmapper.JacksonJsonProcessingExceptionMapper
class com.vontu.enforcewebservices.config.exceptionmapper.LicenseCheckingExceptionMapper
class com.vontu.enforcewebservices.config.exceptionmapper.ForbiddenExceptionMapper
class com.vontu.enforcewebservices.config.exceptionmapper.RBACCheckingExceptionMapper
06 Jan 2019 18:33:04,769- Thread: 19 INFO [com.sun.jersey.spi.spring.container.servlet.SpringServlet] Creating new child context from /WEB-INF/webservices-v1-spring.xml
06 Jan 2019 18:33:04,772- Refreshing Root WebApplicationContext: startup date [Sun Jan 06 18:33:04 PST 2019]; parent: Root WebApplicationContext
06 Jan 2019 18:33:04,773- Loading XML bean definitions from ServletContext resource [/WEB-INF/webservices-v1-spring.xml]
06 Jan 2019 18:33:05,803- Thread: 19 INFO [com.vontu.enforcewebservices.domain.responserules.scheduler.SchedulerStateMachine] The execution mode of Response Rule Execution Service has been set to NEVER
06 Jan 2019 18:33:06,237- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, badRequestExceptionMapper, of type com.vontu.enforcewebservices.config.exceptionmapper.BadRequestExceptionMapper as a provider class
06 Jan 2019 18:33:06,237- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, baseExceptionMapper, of type com.vontu.enforcewebservices.config.exceptionmapper.BaseExceptionMapper as a provider class
06 Jan 2019 18:33:06,237- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, EOFExceptionMapper, of type com.vontu.enforcewebservices.config.exceptionmapper.EOFExceptionMapper as a provider class
06 Jan 2019 18:33:06,237- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, forbiddenExceptionMapper, of type com.vontu.enforcewebservices.config.exceptionmapper.ForbiddenExceptionMapper as a provider class
06 Jan 2019 18:33:06,237- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, internalServerExceptionMapper, of type com.vontu.enforcewebservices.config.exceptionmapper.InternalServerExceptionMapper as a provider class
06 Jan 2019 18:33:06,238- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, jacksonJsonProcessingExceptionMapper, of type com.vontu.enforcewebservices.config.exceptionmapper.JacksonJsonProcessingExceptionMapper as a provider class
06 Jan 2019 18:33:06,238- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, jsonProcessingExceptionMapper, of type com.vontu.enforcewebservices.config.exceptionmapper.JsonProcessingExceptionMapper as a provider class
06 Jan 2019 18:33:06,238- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, licenseCheckingExceptionMapper, of type com.vontu.enforcewebservices.config.exceptionmapper.LicenseCheckingExceptionMapper as a provider class
06 Jan 2019 18:33:06,238- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, notFoundExceptionMapper, of type com.vontu.enforcewebservices.config.exceptionmapper.NotFoundExceptionMapper as a provider class
06 Jan 2019 18:33:06,238- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, RBACCheckingExceptionMapper, of type com.vontu.enforcewebservices.config.exceptionmapper.RBACCheckingExceptionMapper as a provider class
06 Jan 2019 18:33:06,238- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, requestParamExceptionMapper, of type com.vontu.enforcewebservices.config.exceptionmapper.RequestParamExceptionMapper as a provider class
06 Jan 2019 18:33:06,238- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, responseRuleExecutionServiceConfigurationExceptionMapper, of type com.vontu.enforcewebservices.config.exceptionmapper.ResponseRuleExecutionServiceConfigurationExceptionMapper as a provider class
06 Jan 2019 18:33:06,238- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, jacksonObjectMapperResolver, of type com.vontu.enforcewebservices.config.jackson.JacksonObjectMapperResolver as a provider class
06 Jan 2019 18:33:06,238- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, JAXBContextResolver, of type com.vontu.enforcewebservices.config.jackson.JAXBContextResolver as a provider class
06 Jan 2019 18:33:06,238- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, ipUserMappingService, of type com.vontu.enforcewebservices.domain.ipusermappings.IpUserMappingService as a root resource class
06 Jan 2019 18:33:06,238- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, incidentRBACExceptionMapper, of type com.vontu.enforcewebservices.domain.responserules.exceptionmappers.IncidentRBACExceptionMapper as a provider class
06 Jan 2019 18:33:06,238- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, responseRulesResource, of type com.vontu.enforcewebservices.domain.responserules.resources.ResponseRulesResource as a root resource class
06 Jan 2019 18:33:06,239- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, connectorResource, of type com.vontu.enforcewebservices.resources.connector.ConnectorResource as a root resource class
06 Jan 2019 18:33:06,239- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, detectorConfigResource, of type com.vontu.enforcewebservices.resources.detectorconfig.DetectorConfigResource as a root resource class
06 Jan 2019 18:33:06,239- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, policyGroupResource, of type com.vontu.enforcewebservices.resources.policygroup.PolicyGroupResource as a root resource class
06 Jan 2019 18:33:06,239- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, ictTagResource, of type com.vontu.enforcewebservices.resources.tag.IctTagResource as a root resource class
06 Jan 2019 18:33:06,239- Thread: 19 INFO [com.sun.jersey.spi.spring.container.SpringComponentProviderFactory] Registering Spring bean, UIStatePersistence, of type com.vontu.enforcewebservices.resources.UIStatePersistence as a root resource class
06 Jan 2019 18:33:06,249- Thread: 19 INFO [com.sun.jersey.server.impl.application.WebApplicationImpl] Initiating Jersey application, version 'Jersey: 1.11 12/09/2011 10:27 AM'
06 Jan 2019 18:33:09,166- Deployment of web application directory C:\Program Files\Symantec\Data Loss Prevention\Enforce Server\15.1\Protect\tomcat\webapps\ProtectManager has finished in 207,065 ms
06 Jan 2019 18:33:09,167- Deploying web application directory C:\Program Files\Symantec\Data Loss Prevention\Enforce Server\15.1\Protect\tomcat\webapps\ROOT
........
....
06 Jan 2019 20:15:25,131- Thread: 136 INFO [com.hazelcast.nio.tcp.InitConnectionTask] [127.0.0.1]:5703 [enforceMessaging] [3.6.5] Connecting to /127.0.0.1:5701, timeout: 0, bind-any: false
06 Jan 2019 20:15:26,147- Thread: 85 INFO [com.hazelcast.nio.tcp.InitConnectionTask] [127.0.0.1]:5703 [enforceMessaging] [3.6.5] Could not connect to: /127.0.0.1:5702. Reason: SocketException[Connection refused: connect to address /127.0.0.1:5702]
06 Jan 2019 20:15:26,147- Thread: 136 INFO [com.hazelcast.nio.tcp.InitConnectionTask] [127.0.0.1]:5703 [enforceMessaging] [3.6.5] Could not connect to: /127.0.0.1:5701. Reason: SocketException[Connection refused: connect to address /127.0.0.1:5701]
06 Jan 2019 20:15:26,147- Thread: 136 WARNING [com.hazelcast.nio.tcp.TcpIpConnectionMonitor] [127.0.0.1]:5703 [enforceMessaging] [3.6.5] Removing connection to endpoint Address[127.0.0.1]:5701 Cause => java.net.SocketException {Connection refused: connect to address /127.0.0.1:5701}, Error-Count: 5
06 Jan 2019 20:15:26,147- Thread: 136 INFO [com.hazelcast.cluster.ClusterService] [127.0.0.1]:5703 [enforceMessaging] [3.6.5] Old master Address[127.0.0.1]:5701 left the cluster, assigning new master Member [127.0.0.1]:5702
06 Jan 2019 20:15:26,147- Thread: 136 INFO [com.hazelcast.cluster.ClusterService] [127.0.0.1]:5703 [enforceMessaging] [3.6.5] Removing Member [127.0.0.1]:5701
06 Jan 2019 20:15:26,147- Thread: 136 INFO [com.hazelcast.partition.InternalPartitionService] [127.0.0.1]:5703 [enforceMessaging] [3.6.5] Removing Member [127.0.0.1]:5701
06 Jan 2019 20:15:26,147- Thread: 85 INFO [com.hazelcast.nio.tcp.InitConnectionTask] [127.0.0.1]:5703 [enforceMessaging] [3.6.5] Connecting to /127.0.0.1:5702, timeout: 0, bind-any: false
06 Jan 2019 20:15:26,162- Thread: 136 INFO [com.hazelcast.cluster.ClusterService] [127.0.0.1]:5703 [enforceMessaging] [3.6.5]Members [2] {
Member [127.0.0.1]:5702
Member [127.0.0.1]:5703 this
}06 Jan 2019 20:15:26,162- Thread: 135 INFO [com.hazelcast.transaction.TransactionManagerService] [127.0.0.1]:5703 [enforceMessaging] [3.6.5] Committing/rolling-back alive transactions of Member [127.0.0.1]:5701, UUID: 422b0d67-b159-403b-8c85-6996ef67e578
06 Jan 2019 20:15:27,162- Thread: 85 INFO [com.hazelcast.nio.tcp.InitConnectionTask] [127.0.0.1]:5703 [enforceMessaging] [3.6.5] Could not connect to: /127.0.0.1:5702. Reason: SocketException[Connection refused: connect to address /127.0.0.1:5702]
06 Jan 2019 20:15:27,162- Thread: 85 WARNING [com.hazelcast.nio.tcp.TcpIpConnectionMonitor] [127.0.0.1]:5703 [enforceMessaging] [3.6.5] Removing connection to endpoint Address[127.0.0.1]:5702 Cause => java.net.SocketException {Connection refused: connect to address /127.0.0.1:5702}, Error-Count: 5
06 Jan 2019 20:15:27,162- Thread: 85 INFO [com.hazelcast.cluster.ClusterService] [127.0.0.1]:5703 [enforceMessaging] [3.6.5] Old master Address[127.0.0.1]:5702 left the cluster, assigning new master Member [127.0.0.1]:5703 this
06 Jan 2019 20:15:27,162- Thread: 85 INFO [com.hazelcast.cluster.ClusterService] [127.0.0.1]:5703 [enforceMessaging] [3.6.5] Removing Member [127.0.0.1]:5702
06 Jan 2019 20:15:27,162- Thread: 85 INFO [com.hazelcast.partition.InternalPartitionService] [127.0.0.1]:5703 [enforceMessaging] [3.6.5] Removing Member [127.0.0.1]:5702
06 Jan 2019 20:15:27,162- Thread: 85 INFO [com.hazelcast.cluster.ClusterService] [127.0.0.1]:5703 [enforceMessaging] [3.6.5]....
Kind regards
Muhammad Ahmad Gul
Do you have Health Check tool for a DLP to test base line as well as system configurations, and security settings against state of the art rules and best practices
Hi, I need help troubleshooting why a certain endpoint is not scanning the files I transferred from the endpoint.
I have confirmed that on the agent configuration side, I am monitoring on Removable Storage, Printing, Firefox and FTP. And the UI Scan is set to visible.
But when I transfer the files, the files were transferred normally without triggering the "Scanning for sensitive data" window which indicates the files are being scanned.
So what should I do to troubleshoot and what logs should I be looking at?
Fyi, I have reinstalled the agent and issue persists. EDPA and WDP are running.
Hi,
I'm trying to create a DLP Policy where in I can detect any email sent which has an embedded source code in the attachment of the email.
I need suggestions on how can I create such a policy.
I'm upgrading my Symantec vontu from 12.5 to 15.1 but I'm facing errors while migrating the policies.
Is there anyway I can export the old policies to the new version?
Does the new version support the older version's policy templates?
Hello,
I've just installed a new DLP environment, version 15.1. I disabled the use of the default certificates for Enforce-Detection server communications, and am trying to generate new certificates.
I generated two certificates using the following command from the Protect\bin folder: ssskeytool -genkey
This created the two certificates: enforce.[timestamp].sslkeystore and monitor.[timestamp].sslkeystore.
I moved the enforce certificate from the bin folder to the keystore folder (E:\Symantec\Data Loss Prevention\Enforce Server\15.1\Protect\keystore, I installed DLP on E:\Symantec. The directions in the Install Guide said to place the Enforce certificate in Symantec\Data Loss Prevention\Enforce Server\15.1\keystore, but that folder did not exist).
I copied the monitor certifcate to the two Endpoint servers that I have set up so far. I placed each of them in E:\Symantec\Data Loss Prevention\Detection Server\15.1\Protect\keystore. I also made a new folder in the keystore folder on the Enforce server and copied the monitor certificate into there, just as a place to keep it backed up.
I then restarted the Detection Server Controller service on the Enforce server, and the Detection Server service on the two endpoint servers.
However, the Enforce server still can't communicate with the two Endpoint servers. They're both still listed with an Unknown status in the server list, and the Enforce server still shows an event 2709: Using built-in certificate when it starts back up.
What do I need to do to get the Enforce server to use the generated certs, and get it talking to the detection servers? Thank you!
Hello All,
I have one query/question regarding implementing an exception into DLP policy and below is my scenario which I want to achieve.
Suppose I have 30 different files and each of them have a unique identifier (Keyword or string) from any pdf or word file. I want to add an exception that if each identifier matches with its own file, then DLP should not block that incident, but if even single one missing or not matches with the files attached with an E-mail DLP should block that incident. I hope you would have understood my question/query.
Attached image might help to better understand the above scenario.
All,
Working with Symantec's DLP product I've been trying to figure out if it's possible to use compound logic. In that I mean the normal rules in DLP consist of multiple OR statements and can be combined with other groups of OR statements via AND's. The situation i'm in is that we're looking for various rules combined with 1 of 2 other rules for a policy. We want to find events that are matching the various rules AND one of the 2 other conditions (which are a subject line and a body text keyword match). The trouble i'm getting into is that we have ~20 rules and then have to have a rule 'bundle' for each of the other rules we want to combine them with.
So you end up with something akin to the following (note that Condition 1 is used twice intentionally as it pertains to my situation)
CONDITION 1
OR
CONDITION 2
AND
CONDITION 1
OR
CONDITION 3
ETC.
Whereas Ideally, I'd like to be able to do something like this:
[CONDITION 1 OR CONDITION 2 OR CONDITION 3 (ETC.)] AND [SPECIAL CONDITION 1 OR SPECIAL CONDITION 2]
Or something to that extent. Otherwise I'm stuck making 40+ rules and it's going to be a terrible mess.
Does someone have a list of the standard dashboard views and reports that come availalble and already configured for use? I'm not finding anything available online to this point and would like to preview this information as part of further consideration for the install & POC of IT Analytics in combination with DLP. Thanks.
Hi All,
I'm installing a DLP Detection Server on Windows Server 2012 R2 (Patched). However after installing the ServerJRE.msi and during the installation of DetectionServer.msi the following errors show up,
The installation is being done using the local Administrator Account. When clicking on Retry and proceeding then the following error shows up,
Any assistance in resolving this issue would be much appreciated.
Kind regards