Currently, Symantec DLP does not store the LDAP key encrypted. There is an enhancement filed for this feature under PM-781. However, there might be a workaround that could be put in place to ensure that this file is not read by outside sources.

This is not a supported or certified procedure within Symantec DLP products and must be tested by the customer to assess whether or not this fulfills the requirements of the customer.

Windows EFS could make the properties file more secure against some threats, and would not require a Symantec DLP product enhancement. It would protect the file against being read straight off the disk or being read by any user, other than the protect user and perhaps the local administrator account.

To encrypt the file under EFS, the client must run the following "cipher" command from the command line:

Example (replace Vontu with correct path and OS file structure):

cipher /e /a Vontu\Protect\config\ldap.properties