Creating a new scan
In order to create a new scan, go to Manage -> Discover Scanning -> Discover targets.
From here, go to New Target and then choose the type of scan you would like to add (in this case File System).
From here you can enter the name of the scan and select which policy group(s) you would like it to scan for.
Below General you have Scan Execution which lets you set how the scan is run. You have the option to run a full scan, an incremental scan or a full scan with subsequent scans being incremental.
Additionally you can use Incremental Indexes from Available Discover Targets and Add or Remove them to Selected Discover Targets.
Under this you will find the Scan Schedule box. From here you can set the scan to run on a schedule, or alternatively choose time frames during which the scan is paused on chosen days.
On the Targeting tab you can decide whether to use a single server for scanning or to use all selected servers for scanning in a grid (using a single server is the default setting).
On the Scanned Content tab you can choose which Content to scan and which Credentials to use.
In the Default User box you can use Saved Credentials should you have them or put in Custom Credentials consisting of a Name and Password.
In the Content Roots box you can select what you would like to scan. This can come from an uploaded file, or alternatively you can specify the content root directly. You can also apply Filters.
If uploading, select Upload File, then Browse to the relevant directory, and then select Upload File.
When specifying the content root, go to Add Content Roots and then select either By Direct Entry or From a Content Root Enumeration scan.
If going By Direct Entry, enter the root for the servers or shares you would like to scan and then click Add.
*Important: ensure there are no spaces at the start or end of the file path*
If selecting Content Root Enumeration scan, select the content root enumeration scan you would like to import and then click Import.
On the Filters tab you can opt to Include or Exclude Filters. These have to be very specific and you should consult the Admin Guide should you need to do this. We generally use the following exclude filters for our scans:
*.adm,*.aw,*.bdr,*.bin,*.cab,*.cat,*.chm,*.com,*.cpl,*.cur,*.dat,*.dl_,*.dll,*.dll_1033,*.drv,
*.exe,*.fae,*.hlp,*.ime,*.inf,*.ini,*.inx,*.lnk,*.mecontact,*.mof,*.mui,*.nls,*.ocx,*.pnf,*.so,*.sys,*.tcl,*.tlb,*.tpi,*.ttf,*.ver,*.vxd,
*.windowslivecontact,*.windowslivegroup,*.wmf,*.xsn,*.acr,*.ani,*.asf,*.b3d,
*.bmp,*.bpm,*.cam,*.clp,*.cr2,*.crw,*.cur,*.dcm,*.dcx,*.dds,*.dib,*.djvu,*.ecw,*.emf,*.fsh,*.g3,*.gif,*.grd,*.icf,*.iff,*.icl,*.ico,*.ima,*.img,*.iw44,*.j2k,*.jng,*.jp2,*.jpc,*.jpe,*.jpm,*.kdc,*.lbm,
*.ldf,*.lwf,*.mng,*.nlm,*.ng,*.nol,*.pcd,*.pcx,*.pgm,*.png,*.ppm,*.ppx,*.psd,*.psp,*.ras,*.raw,*.rgb,*.rle,*.san,*.sff,*.sdf,*.sfw,*.sgi,*.sid,*.wbmp,*.xbm,*.xpm,*.aif,*.au,
*.avi,*.lrc,*.med,*.mid,*.mov,*.mp,*.mp3,*.mp4,*.mpe,*.mpg,*.mpeg,*.ogg,*.ra,*.rm,*.rmi,*.snd,*.wav,*.wma,*.wmv,*.jpg,*.jpeg,*.tif,*.tiff
You can also add Filters which filter by file size, either Smaller than or Greater than. We tend to ignore files smaller than 30 bytes and files larger than 30 MB.
You can also choose to filter by file date, so only scan files which have been Added Before or After a certain date and/or only scan files which were Accessed Before or After a certain date.
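The content root warning and the exclude and size filters above can be checked before anything is pasted into the console, so that a stray space or an over-broad pattern does not quietly leave a share or file type unscanned. The following is an added example, not part of the original article or of Symantec's tooling. It assumes one content root per line, approximates filter matching as a case-insensitive glob on the file name (not the product's own matcher), and takes 30 MB as 30 x 1024 x 1024 bytes; all sample values are constructed.

```python
import fnmatch

# Constructed sample inputs (hypothetical servers and a shortened filter list).
ROOTS = [r"\\fs01\finance", r" \\fs01\hr", r"\\fs02\legal ", r"\\fs01\finance"]
EXCLUDE = "*.exe,*.dll,*.cur,*.bmp,*.cur,*.jpg, *.tmp"
MIN_BYTES = 30                 # article: ignore files smaller than 30 bytes
MAX_BYTES = 30 * 1024 * 1024   # article: ignore files larger than 30 MB (assumed binary MB)

def lint_roots(roots):
    """Return (clean_roots, problems); problems are (line_number, reason)."""
    clean, problems, seen = [], [], set()
    for n, raw in enumerate(roots, 1):
        root = raw.strip()
        if not root:
            problems.append((n, "empty"))
            continue
        if root != raw:
            problems.append((n, "leading/trailing whitespace"))
        if root.lower() in seen:       # UNC paths compared case-insensitively
            problems.append((n, "duplicate"))
            continue
        seen.add(root.lower())
        clean.append(root)
    return clean, problems

def lint_filters(text):
    """Split a comma-separated filter list; return (unique_patterns, duplicates)."""
    patterns, dupes, seen = [], [], set()
    for item in text.split(","):
        pat = item.strip().lower()
        if not pat:
            continue
        if pat in seen:
            dupes.append(pat)
        else:
            seen.add(pat)
            patterns.append(pat)
    return patterns, dupes

def would_scan(name, size, patterns):
    """Approximate preview: True if a file passes the size and exclude filters."""
    if size < MIN_BYTES or size > MAX_BYTES:
        return False
    return not any(fnmatch.fnmatchcase(name.lower(), p) for p in patterns)

if __name__ == "__main__":
    print(lint_roots(ROOTS))
    patterns, dupes = lint_filters(EXCLUDE)
    print(patterns, dupes)
    for name, size in [("Budget.XLSX", 2048), ("logo.BMP", 2048), ("notes.txt", 10)]:
        print(name, would_scan(name, size, patterns))
```

Running the preview against a directory listing of a representative share shows which file types the exclude list removes from coverage before the scan is scheduled.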
Moving onto the Advanced tab you can throttle the scan by setting a maximum on the number of files scanned per minute or a maximum on the number of bytes/kb/mb scanned per minute.
In the Inventory Scanning box you can choose to stop the scan after it has reached a set number of incidents, and select whether the Incident Count is by Content Root or by Machine.
The PST Scanning box lets you select to scan for PST Files (on by default).
The Administrative Shares Scanning box lets you scan for Administrative Shares (off by default).
In the Remediation Detection Preferences you can choose from the below options (Item No Longer Exists is ticked by default).
On the Protect tab you can go to the Allowed Protect Remediation box and select Copy, Encrypt and/or Quarantine if applicable (none selected by default).
In the Quarantine/Copy Share box you can set up a path where the files are quarantined/copied and add the relevant access credentials.
In the Protect Credential you can add different credentials in the event that the share write access credentials differ from the read access credentials.
Starting, Stopping and Pausing a scan
To start, stop or pause a scan go to the Discover Targets page via Manage -> Discover Scanning -> Discover targets.
Go to the scan you want to select and then select it by clicking the box.
From here you can select whether you want to start, stop or pause the scan.
To edit a scan, either click on it or press the pencil icon on the right of the screen.