Enable monitoring settings for the Symantec Data Loss Prevention Endpoint Agent
Last Updated March 25, 2019
Use the Enable Monitoring area of the Channels tab to select the endpoint applications and destinations (channels) to monitor.
You can set specific monitor settings based on whether the endpoint is located on or off the corporate network by selecting Enable different monitoring settings for endpoints located on and off the corporate network.
Monitor the following destinations on Windows endpoints:
You can monitor the Removable Storage channel on Mac endpoints
Enable Clipboard monitoring for copy and paste operations to and from monitored applications.
Select Copy to monitor and prevent the data copied to Clipboards on Windows and Mac endpoints.
Select Paste to monitor and prevent the data pasted from Clipboards on Windows and Mac endpoints.
Some applications use paste operations that the endpoint user does not initiate, which may cause false positive incidents. Symantec advises that you test the application behavior before you enable Clipboard, paste monitoring.
You must also confirm that the application you want to monitor has been added to the Global Application Monitoring screen.
Select email applications to be monitored:
Outlook on Windows and Mac endpoints.
Lotus Notes on Windows endpoints.
Select web applications to be monitored.
You can monitor traffic on the following Web protocols:
IE (HTTPS) monitors HTTPS traffic for Internet Explorer on supported Windows endpoints.
Edge (HTTPS) monitors HTTPS traffic for Microsoft Edge on supported Windows endpoints.
Firefox (HTTPS) monitors HTTPS traffic for Firefox on supported Windows and Mac endpoints.
Chrome (HTTPS) monitors HTTPS traffic for Google Chrome on supported Windows and Mac endpoints.
Monitor Google Chrome running on Windows endpoints running in Metro mode by enabling the Application File Access feature.
Enable application file access by going to Application Monitoring > Google Chrome, and confirming that Monitor Application File Access is enabled.
Safari (HTTPS) monitors HTTPS traffic for Safari on supported Mac endpoints. Endpoint users must enable the Symantec extension to allow the DLP Agent to monitor Safari.
HTTP monitors HTTP traffic for Internet Explorer, Windows apps, Firefox, and Google Chrome on supported Windows endpoints.
FTP monitors FTP traffic, including traffic over Windows apps, on supported Windows endpoints.
Select applications to be monitored:
Application File Access to monitor Windows and Mac applications configured on the Application Monitoring screen.
Cloud Storage to monitor supported Windows and Mac cloud storage applications.
Select to monitor the files that are transferred to or from your local drive and a network share.
Select Copy to Local Drive to monitor files moved from network shares to Windows endpoint.
Select Copy to Share to monitor files moved from Windows and Mac endpoints to network shares.
You can also create filters in the agent configuration that monitor or ignore files by type, size, and path. The filters you create apply to both Mac and Windows endpoints.
Select to enable SEP Intensive file protection monitoring on Windows endpoints.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe