DLP single-tier installation
Created: 29 Oct 2012 | Updated: 04 Dec 2012 | 18 comments
This issue has been solved. See solution.
I have installed SDLP 11.6 in a single-tier installation.
Now I have Enforce and Endpoint servers active on a single physical server. And the Endpoint server is actually Endpoint Discover.
Question: How to install Endpoint Prevent server? Should I install it on a separate server?
Right now I can create policies and generate incidents based on Endpoint, but cannot see that any of the response rules work.
Do you have the license for Endpoint Prevent? If yes, the same server can act as the Prevent server.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Yes, I have a license for Endpoint Prevent. Thus, should I only check if my response rules are correct? In other words, how could I verify if Endpoint Prevent is really working?
STS: DLP and Storage Foundation for Windows
If this post was helpful please vote +1
If this post was useless or just for points please vote -1
YES, you are right. You can create a response rule as end user block to test for your Endpoint Prevent. Then create a policy to use this response rule. By default, if you copy a sensitive file to the USB flash-disk, there will be a notification to block your copy.
Still unclear. If I set up a response rule to just notify the user, this works. Well, when I put the response to block (e.g. USB copy) this doesn't work. Does Endpoint Discover provide notification functionality? If so, then I do not have Endpoint Prevent in place.
STS: DLP and Storage Foundation for Windows
If this post was helpful please vote +1
If this post was useless or just for points please vote -1
Check under the license tab for the modules you have purchased a license for.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
I do have a license for Endpoint Prevent.
The question is: If I install SDLP in single-tier, where and how should I install Endpoint Prevent? In single-tier I have Oracle and Enforce servers on one physical server. Then in Enforce I can add an Endpoint server (the system doesn't say if it is Discover or Prevent, but it works as Discover, obviously). So, how do I add (install) Endpoint Prevent? On a separate server? Or is this "Endpoint" server in single-tier Discover and Prevent too?
STS: DLP and Storage Foundation for Windows
If this post was helpful please vote +1
If this post was useless or just for points please vote -1
This is how it works: while installing you are asked to install the detection server. Once installed, you need to activate the license. The license will act whether it's prevent, monitor, discover, etc.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
OK, and in single tier - does the Endpoint server act as Detection only or as both Detection and Prevent?
STS: DLP and Storage Foundation for Windows
If this post was helpful please vote +1
If this post was useless or just for points please vote -1
Yes, it acts provided the license is available. I have copied the screenshot for the license on my server.
You can verify on your system: log in to the DLP console --> System --> Settings --> General
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Pete, sorry. You say: "yes, it acts provided the license is available". I didn't understand that. Well, is it Detection or both Detection and Prevent? I have a license for both.
STS: DLP and Storage Foundation for Windows
If this post was helpful please vote +1
If this post was useless or just for points please vote -1
:-) Can you post the screenshot of the license page?
If you have both and they are activated on the Enforce server, then it will detect as well as prevent (endpoint).
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Am I right: there is now only one Detection server for endpoint, which acts as both Endpoint Discover and Endpoint Prevent, and it is called Endpoint Prevent?
LICENSE: looks the same as you have posted previously, both ED and EP are licensed.
STS: DLP and Storage Foundation for Windows
If this post was helpful please vote +1
If this post was useless or just for points please vote -1
Yes, it is. Can you check by testing if prevent and discover work?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Thanks. Discover works 100%. Prevent - I don't know: if I set a Notify User response rule, it does work, but preventing e.g. a file from being copied to an external USB flash drive is not working.
STS: DLP and Storage Foundation for Windows
If this post was helpful please vote +1
If this post was useless or just for points please vote -1
Notify will still allow; set it to block.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
You know why it was not working? The response rule trigger was set up for severity=Low. I have checked all Severity choices (using Ctrl), thus making the response rule execute always, and it has worked.
STS: DLP and Storage Foundation for Windows
If this post was helpful please vote +1
If this post was useless or just for points please vote -1
Let me know if this helps:
https://www-secure.symantec.com/connect/articles/dlp-policy-block-uploading-file-type-web-httphttps
This article has a response rule set.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
If you are unsure what a license is for, open it up in Notepad; it will tell you everything you need to know.
See the example below:
<name>DLP Network Protect</name>
<version>11.5</version>
<start_date>2012-04-16</start_date>
<end_date>2013-06-15</end_date>
<count>5</count>
<warn_policy>1,120</warn_policy>
<grace_policy>1,60</grace_policy>
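As an added example (not part of the thread and not Symantec code), the Notepad check from the last post can be scripted to list each licensed module with its validity window. It assumes only that the license file is well-formed XML and that each entry starts with `<name>` and carries the fields shown above; the `<licenses>`/`<license>` wrappers, the second entry and the inclusive end date are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import date

# Constructed sample: the fragment from the post plus one invented entry,
# wrapped in hypothetical <licenses>/<license> elements to be well-formed.
SAMPLE = """<licenses>
  <license><name>DLP Network Protect</name><version>11.5</version>
    <start_date>2012-04-16</start_date><end_date>2013-06-15</end_date>
    <count>5</count></license>
  <license><name>DLP Endpoint Prevent</name><version>11.5</version>
    <start_date>2011-01-01</start_date><end_date>2012-01-01</end_date>
    <count>5</count></license>
</licenses>"""

FIELDS = ("name", "version", "start_date", "end_date", "count")

def parse_licenses(xml_text):
    """Build one record per <name> element, whatever elements wrap it."""
    records = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag == "name":
            records.append({})          # a <name> starts a new entry
        if records and el.tag in FIELDS:
            records[-1][el.tag] = (el.text or "").strip()
    return records

def license_status(rec, today):
    """Classify an entry by date; the end date is treated as inclusive."""
    try:
        start = date.fromisoformat(rec["start_date"])
        end = date.fromisoformat(rec["end_date"])
    except (KeyError, ValueError):
        return "unknown dates"
    if today < start:
        return "not yet valid"
    return "expired" if today > end else "valid"

def find_module(records, keyword, today):
    """Return (name, status) for entries whose name contains keyword."""
    kw = keyword.lower()
    return [(r["name"], license_status(r, today))
            for r in records if kw in r.get("name", "").lower()]

if __name__ == "__main__":
    for name, status in find_module(parse_licenses(SAMPLE), "dlp", date.today()):
        print(f"{name}: {status}")
```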