Enable monitoring settings for the Symantec Data Loss Prevention Endpoint Agent
search cancel

Enable monitoring settings for the Symantec Data Loss Prevention Endpoint Agent

book

Article ID: 174103

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Data Loss Prevention Endpoint Discover Data Loss Prevention Discover Suite Data Loss Prevention Enforce Data Loss Prevention Endpoint Suite Data Loss Prevention Enterprise Suite Data Loss Prevention Network Monitor Data Loss Prevention Network Email Data Loss Prevention Network Discover Data Loss Prevention Plus Suite

Issue/Introduction

Use the Enable Monitoring area of the Channels tab to select the endpoint applications and destinations (channels) to monitor.

  • You can set specific monitor settings based on whether the endpoint is located on or off the corporate network. This setting is done by selecting Enable different monitoring settings for endpoints that are located on and off the corporate network.

Resolution

Monitor the following destinations on Windows endpoints:

  • Removable Storage
  • CD/DVD
  • Local drive
  • Printer/Fax

You can monitor the Removable Storage channel on Mac endpoints

Enable clipboard monitoring for copy and paste operations to and from monitored applications.

Select Copy to monitor and prevent the data that is copied to clipboards on Windows and Mac endpoints.

Select Paste to monitor and prevent the data that is pasted from clipboards on Windows and Mac endpoints.

  • Some applications use the paste operations that the endpoint user does not initiate, which may cause false positive incidents. Symantec advises that you test the application behavior before you enable clipboard, paste monitoring.

You must also confirm that the application you want to monitor has been added to the Global Application Monitoring screen.

Select email applications to be monitored:

  • Outlook on Windows and Mac endpoints.
  • Lotus Notes on Windows endpoints.

 

Select web applications to be monitored.

You can monitor traffic on the following web protocols:

  • IE (HTTPS) monitors HTTPS traffic for Internet Explorer on supported Windows endpoints.
  • Edge (HTTPS) monitors HTTPS traffic for Microsoft Edge on supported Windows endpoints.
  • Firefox (HTTPS) monitors HTTPS traffic for Firefox on supported Windows and Mac endpoints.
  • Chrome (HTTPS) monitors HTTPS traffic for Google Chrome on supported Windows and Mac endpoints.

Monitor Google Chrome running on Windows endpoints running in Metro mode by enabling the Application File Access feature.

Enable application file access by going to Application Monitoring > Google Chrome, and confirming that Monitor Application File Access is enabled.

  • Safari (HTTPS) monitors HTTPS traffic for Safari on supported Mac endpoints. Endpoint users must enable the Symantec extension to allow the DLP Agent to monitor Safari.
  • HTTP monitors HTTP traffic for Internet Explorer, Windows apps, Firefox, and Google Chrome on supported Windows endpoints.
  • FTP monitors FTP traffic, including over Windows apps, on supported Windows endpoints.

 

Select applications to be monitored:

  • Application File Access to monitor Windows and Mac applications that are configured on the Application Monitoring screen.
  • Cloud Storage to monitor supported Windows and Mac cloud storage applications.

Select to monitor the files that are transferred to or from your local drive and a network share.

Select Copy to Local Drive to monitor the files that are moved from network shares to Windows endpoint.

Select Copy to Share to monitor the files that are moved from Windows and Mac endpoints to network shares.

You can also create filters in the agent configuration that monitor or ignore files by type, size, and path. The filters you create apply to both Mac and Windows endpoints.

Select to enable SEP Intensive file protection monitoring on Windows endpoints.

Powered by Wolken Software