Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How can I detect and prevent binary file in Symantec DLP

Created: 03 Apr 2013 • Updated: 16 Apr 2013 | 7 comments
This issue has been solved. See solution.

Hi Can Anyone tell me how can I prevent or detect binary files in symantec DLP.

Comments 7 CommentsJump to latest comment

stephane.fichet's picture

Hi,

 you can use standard filetype definition (win exe, mac exe, unix exe,...)  in your policy or even create your own detecttion script to detect some other type of binary file.

 regards

Salim Shaikh786's picture

Hi

This questioned was asked someone during the technical interview so kindly give some idea for above question.

kishorilal1986's picture

Hi Salim,

if you asking about monitoring the execution of exe (binary files ) then you can use application monitoring feature of DLP which can monitor and block.

Application monitoring lets you monitor third-party applications for IM, email, or HTTP/S clients. By default, Symantec Data Loss Prevention only monitors first-party applications such as AIM, Microsoft Outlook, or Mozilla Firefox. Examples of third-party applications include Skype, Mozilla Thunderbird, or Google Chrome. Any application that is not specifically monitored by Symantec Data Loss Prevention must be added to the Application Monitoring page before Symantec Data Loss Prevention can begin monitoring.

Also if you asking about transderring of binary files the you need IDM technology to implement throgh the hasing such kind of data.

Also please refer below

https://www-secure.symantec.com/connect/forums/dlp...

https://www-secure.symantec.com/connect/forums/how...

https://www-secure.symantec.com/connect/forums/det...

SOLUTION
Santosh Mistry's picture

Hi Salim,

What kind of binary file you want to monitor and block as audio,video and exe files are binary then how will u consider. above links are enough to provide you the resolution. I think IDM/hashing of data is better way to achive above

Salim Shaikh786's picture

I got for which I was looking , It can be done using the Application monitoring feature,

Thanks all for your ref.