Data Loss Prevention

First of all, hello everyone!

Hopefully there is someone that can answer my questions regarding Symantec DLP 12.0 which is out.

The "business" questions are:

1) Why is there no support for Windows Server 2012?

2) Why is there no support for Windows 8 (for DLP Endpoint Agent)?

I have installed both Oracle Database 11.2.0.3.0 and SymcDLP modules on Windows Server 2012 and they work fine. Also, I have modified the AgentInstall64.msi to be able to install it on Windows 8 and tested the functionalities. The DLP Agent on Windows 8 works fine.

The other question is related to IDM/EDM at Endpoint level. On previous versions of DLP, when I created an IDM policy and tried to add  Endpoint: Block as a response rule a warning was displayed telling me that I cannot use IDM/EDM and DGM at endpoint level. The endpoint agent only monitored the actions and created incidents (according to policies).

Now, in DLP 12, that warning IS NOT displayed but the endpoint agent still cannot block or notify the end user. So, is the same behaviour but with no warning in DLP console. Why? And why I cannot block/notify at endpoint level when using IDM or EDM?

Thank you,

Stefan

Please read the release notes for DLP 12.0.  Also, you cannot block IDM or EDM at the agent because the file has to be compared on the detection server and then sent back to the endpoint agent.  Imagine a 5mb file being compared on a network prevent for web server,then sent back to the agent.  Other manufacturers claim that they can do this however none of them get through an implementation with any success with EDM or IDM at the agent level.  

Hi

 I agree and understand why it cannot be blocked but removing warning at UI level is not a good idea as people are not aware that they are requesting something that cannot work by design.

 regards

Can someone post a copy of the release notes please? I've not yet seen this in the NFR section and would like to see the new features and bug fix list.

Thanks,

Aaron

Maybe an error message should still exist but if the product is setup correctly then a customer would not have to rely on seeing that message.  This should be discussed at the architecture level when discussing deployment of policies so any potential new customer understands the limitations of a policy and an endpoint.  

Maybe suggest to product development that an enhancement request to add back the warning would be of value.  

I have tried IDM, it neither notifies end user, nor it creates an incident in the admin console. Trying to figure out . . .  will update if something works. 

In regards to the question on Server 2012 and Windows 8 there were no changes on the Endpoint side of things.

If you read the release notes you will see that: "

If you have previously upgraded DLP Agents to version 11.6.2, you do not need

to upgrade the agents to version 12.0. No significant changes exist between the

two versions. The version 12.0 Endpoint and Enforce Servers provide new Endpoint

features compatible with both version 12.0 and 11.6.2 DLP Agents."