Folks,
Good afternoon. Does anyone know how to format Sharepoint URL online (O365) for DLP indexing (IDM) use?
I know and I already use Sharepoint on-premise WebDAV, but I can not do the same with O365 Sharepoint. I've read that Sharepoint's O365 also uses WebDAV for drive mapping.
Has anyone done anything similar that might help?
Thanks!
Need help,
I have situations where I have to replace the dlp servers (three tiers) with the new ones (physically), what the most important thing to do first? (Old servers have same specs as the new ones,the difference only on Windows 20012 to 2016),
- is there any steps or link that I can try as a guide (video or some screenshots will be helpful),
- confused about the oracle
Thanks
Hello all,
Trying to get a better understanding of how DB scanning works. Per the Admin guide: " Scanning of SQL databases occurs for a specific set of column data types. The SQL Database scan extracts data of the following Java Database Connectivity (JDBC) types:
CLOB, BLOB, BIGINT, CHAR, LONGVARCHAR, VARCHAR, TINYINT, SMALLINT, INTEGER, REAL, DOUBLE, FLOAT, DECIMAL, NUMERIC, DATE, TIME, and TIMESTAMP.
The mapping between these column types and those of a specific database depends on the implementation
of the JDBC driver for the scan.
Does the scan go through each colum and row looking to match the contents of the said colum/row against a specific set of policies?
Hi All,
If anybody can provide me DLP Discover Suite Datasheet. which components are included in Discover Suite. I saw other forum comment that it can be found in Data Loss Prevention 15.0 Licensing Guide. If yes, kindly please lead me to this guide.
Thanks
Hi All,
Any idea of bellow error?
An unexpected error has occurred. This could be due to one of the following: 1) Your session timed out and you selected a link that was no longer valid, 2) You used the browser back or forward button placing the system into an inconsistent state, or 3) The system experienced a temporary problem.
This appear after we deleted DLP Endpoint server and tries to add it back, it will just keep prompting in a loop
Tried to restart Enforce services and evern rebooted it
DLP is 3 tier setup
Has anyone had any success in modifying the alerting message being presented to end users when the policy calls for this as part of the response rule?
There are two aspects with this request...
Without this functionality, we cannot proceed in the next step of the strategy of communicating to our constituents that they are about to exfiltrate information that has been deemed not to exit the organization. Executives have mandated that this must come first before we start actually blocking.
My thoughts are this should be a simple XML file in which the content can be modified to present our specific messages. Am I wrong?
Thanks....
Hi,
How we can detect two mobile numbers in one line or one row of excell using Data Identifiers. For Example:
| 9214445525 | 9215553545 | 21 sec |
| 9233332323 | 9214567777 | 67 sec |
I tried below regex but it did not worked.
\d{10}.*\d{10}I appreciate any help.
Hallo DLP expert i need help,
the situation : replacing old servers with new ones (ip and hostname using the old one not changed),(same specs),
after installation network monitor server and add into the enforce the status version : unknown and 0% cpu usage and other N/A's
thank's
Dwi
Hi DLP Users,
Just want to share a solution to a strange problem I encountered.
After a Enforce server reboot, we could not login into Enforce console. The Enforce web console was redirecting to: ProtectManager/GlobalDialog?type=NOT_FOUND and was stuck in a loop (404).
When looking in the Tomcat log files we saw an error: ORA-01654: unable to extend index PROTECT.SYSTEMEVENT_FB4A by 128 in tablespace USERS
The solution was to extend the tablespace of USERS table in SQL PLUS / Oracle using this article: https://support.symantec.com/us/en/article.tech220...
I have seen multiple threads (locked) that did not provide this solution but focus on TNS Listener/DB Account lockouts.
Hope this information helps someone!
Hi all,
I am in urgent need of the Symantec DLP ORacle 64bit Installation tools (database template, oracle create user etc). Unfortunately this is not available anywhere (Even Symantec support cannot provide a copy).
I would appreciate assistance on this front if somebody could share / upload a copy of the 14.5 installation tools?
Cheers,
Denis
Hi,
I have a policy name is File A with rule to detect by keyword. I want to monitor and block when endpoint copy file A to USB and HTTP/HTTPs so I enable option Removable Device and HTTPS, HTTP on Agent Configuration. I config Response Rule with Endpoint Prevention: Block when any protocol as Removable Device, HTTPS, HTTP, everything is okay. But I have another policy name File B to classify another file and I want to monitor when it is copied to network file server --> I enable option Copy to Network Share on Agent Configuration. And DLP Agent still sent the log of File A when I copy it to File Server. How can I disable it because I only need log of File B when It is copied to File Server ?
Thank in advance.
Hello everybody,
does anybody have experience with Scanning Informix DB using JDBC connector in Symantec DLP 15 ? I know although it is not officially supported , still we manage to connect to database and read tables, but after that i guess it is time for row selector query and we get syntax errors for each table.
This is content of SQLcrawler file:
# IBM Informix
driver_class.informix-sqli = com.informix.jdbc.IfxDriver
driver_subprotocol.informix-sqli = informix-sqli
driver_table_query.informix-sqli = SELECT TRIM(owner) || '.' || tabname FROM systables WHERE tabid > 99 AND tabtype = 'T';
driver_row_selector.informix-sqli = SELECT first {2} {1} from {0}
driver_jar.informix-sqli = ifxjdbc.jar
quote_table_names.informix-sqli = true
This is sample of errors we get:
error: Unable to extract the data from table: informix.anastavka: A syntax error has occurred.."
error: Unable to extract the data from table: informix.blokadaknjizenja: A syntax error has occurred.."
etc...
This is example of connection string:
informix-sqli://server:1525/database:INFORMIXSERVER=server;DB_LOCALE=cs_cz.CP1250;CLIENT_LOCALE=cs_cz.CP1250
Thank you in advanced.
Dear Team,
.gif file not Supported/Extracted by OCR in any of the DLP versions, as per admin guide. So, is there any resolution for this as Client expecting support and detection of .gif extraction on OCR as well.
Hello guys,
I need to be able monitor only specifit printers where confidential information is being print. After created a policy and a rule with the "Printer/Fax" protocol, How could I monitor only specifit printers?
Is it possible to use any out-of the box configuration or some sort of customization is required?
Our printers names following this pattern:
\\PrintServer1.domain.com\Printer1
\\PrintServer1.domain.com\Printer2
\\PrintServer2.domain.com\Printer3
Hello everybody,
I want to configure SMTP settings on the DLP, the company is using office 365 for email. We created a new user on the office365s like dlp@mycompany.com, and give it a password, we can successfully login with this acoount and see inbox. And enforce server succesfully telnet smtp.office365.com on port 587. Then we configured smtp settings on enforce like;
Server : smtp.office365.com
System mail: dlp@mycompany.com
User ID : dlp@mycompany.com
Password: <pasww of dlp@mycompany.com>
And In the Reports and Alerts section, we selected "Send report data with emails"
After that, we created a new alert,
In the alert we configured to send email notification when event ID 2112 is occured. (Lookup Plugin reload event id). After this configuration we reloaded lookup plugin and saw this event on the enforce server; but there is no email notification.
Is this correct? Or do I need to configure anything other than I mentioned above?
What is the best way to clean uninstall if we have different versions of DLP? As i understand different versions of DLP require its own unique clean agent.exe
this means we have to copy all the clean agent versions to the local pc and have to script determine which agent is installed then run the clean agent.
How do you guys do it? can you provide sample script?
Hi,
I am writing script to check the state, CPU,Memory Utilization,Disk Utilization, Alert of Enforce Server, Endpoint Server and Network Prevention for Web. I tried to select information in Oracle Database but I only find information about state (Endpoint and ICAP) in table ENDPOINTCHANNEL and ICAPCHANNEL. I can't find more information.
Do you know table_name where these informaton is stored ?
Thank you
Hi Folks ,
I was referring to the below article which talks explicity about the entries that should be there on sudoers.d file for Netmon Installs which is as below :
https://support.symantec.com/us/en/article.tech251727.html
# Vontu service user
Defaults:SymantecDLP !requiretty
SymantecDLP ALL= NOPASSWD: /bin/mount, /bin/umount, /usr/bin/sshfs
SymantecDLP ALL= NOPASSWD: /lib64/ld-linux-x86-64.so.2 --library-path /opt/Symantec/DataLossPrevention/Detection Server/15.1/Protect/lib/native\:/opt/Symantec/DataLossPrevention/Server JRE/1.8.0_162/lib/amd64/server /opt/Symantec/DataLossPrevention/Detection Server/15.1/Protect/bin/PacketCapture *
I would like to know specific mount point names that will be required for the one highlighted in bold?
Is there any way we can check at the application logs that may indicate the mount points used ?
Any suggestion/help is appreciated !
Cheer's
Ridhi Singh
Hi, I think I know the answer to tis question but wanted to see if someone could verify for our DB Admins.
Background:
We currently have DLP verrsion 15 and are moving to version 15.5. Since version 15 is on old hardware and EOL O/S we are going to do a fresh install of 15.5 in parallel with 15.
Question:
Is it required for “protect” to be the database name (we only have one database server)?
Is it OK to create a new DB called “protect2” or something like that for the new install without creating any issues?
I couldn't find anything related to this... Any help is greatly appreciated. Thanks.
Hello all,
I am trying to scan a Solaris File System (64-bit) by enabling and exposing the file system via NFS. On a Unix platform, in order to parse a file system you need root or root like privileges. Does anyone from out there have an understanding of what level of access a service account requires in order to scan a Unix file system like Solaris? Any guidance is greatly appreciated. Thank you.