Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Monitoring HTTP using Endpoint Agent

Created: 14 Mar 2013 • Updated: 14 Mar 2013 | 6 comments

We're using 11.6.1

We've enabled HTTP/HTTPS in the agent configuration and it appears to have applied to the agent. Out policy is a simple test matching on a keyword.

When we fire up iexplore (we also use a proxy going through 8080 if that matters), if we put in the keyword into the browser search bar, it doesn't raise an incident.

Any idea what could be wrong?

Operating Systems:

Comments 6 CommentsJump to latest comment

stumunro's picture

what polcies do you have built around this? or did you just go into the agent config type in some items and push out an agent... i would need a little more info to help

DLP Solutions2's picture

John,

DLP will only inspect data that is a POST or an upload. So just a basic search may not work, it all depends on the web page and if its a POST.

An easy way to test is to go to a BLOG or Yahoo Board and post keywords.

Please call solved if possible!

Ronak

Please make sure to mark this as a solution

to your problem, when possible.

AMyers6671's picture

Another way would to be to use the POST feature on http://dlpse.com

Aaron

If this post has helped you, please vote up or mark as solution to help others looking for the same data.

kishorilal1986's picture

Hi John,

If ur brosers searches for anykeyword than no matters. if any thing going to tranferred via any tranferable medium than it risk. We have all infra to monitor http and https. I think u dont need to worry about this.

kishorilal1986's picture

Dear John,

Why DLP should generate incident for keyword that added in browser search bar until the keywords has been used at data tansfer.

As daily many ppl will unknowngily seraching for any statement,word and coincidently it match then no of false positive will tremondously genrate the incident which is difficult to handle. Also DLP has not considered such scenirio and not designed to detect what u are looking for.

I hope now u will be clarified the facts and concepts.