Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

print a data via an application we can not get the incident.

Created: 12 Oct 2011 • Updated: 12 Oct 2011 | 5 comments
allenchung's picture

We are testing the DLP Endpoint Prevent and we used the [Protocol or Endpoint Monitoring] function to monitor the confidential documents printered.

If we print a data via an application we can not get the incident.

If we used print preview via this application we can get the incident.

Anyone knows what's wrong and how to solve it?

 

Thanks a lot.

Comments 5 CommentsJump to latest comment

xlloyd's picture

Hi allenchung,

It would help if you could answer some of these questions please.

  1. What version of DLP are you running?
  2. What application is it? Does this application run in your web browser or is it installed on your machine?
  3. Are you using the application monitoring feature?
  4. Can you confirm that the printer/fax protocol is being monitored in the agent configuration page?

Thanks!

If this post has helped you, please vote up or mark as solution
allenchung's picture

Hi xlloyd,

  • What version of DLP are you running?

          (11.1)

  • What application is it? Does this application run in your web browser or is it installed on your machine?

          The application is developed by ourselves.

          This application is installed on the machine. 

  • Are you using the application monitoring feature?

          We also tried the application monitoring but still not work.

  • Can you confirm that the printer/fax protocol is being monitored in the agent configuration page?

          Yes.the printer/fax protocol is being monitored in the agent configuration page.

Thanks for your reply.

yang_zhang's picture

Hi allenchung,

The print monitor users the detours API to intercept and replace calls to certain Windows GDI calls.

Until now, the hooked GDI calls are the following:

  • CreateDC
  • StartDoc
  • ExtTextOut
  • TextOut
  • EndPage
  • EndDoc

I think you need to check and confirm with your developer: what kind of GDI calls the application used during the print and print preview.

Good luck.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
allenchung's picture

Dear Sir,

If we don't use these CDI calls ,how can I  solve this issus.

Do we need to modify our program code? Or Symantec can provide any solution?

Can we use application monitoring? How can we find the real process file?

We used process explorer to find some process files and config some process files application monitoring,but still not work.

 

Thanks.

yang_zhang's picture

How do you configure the application monitoring?

Below is the screenshot for your information:

And, another method you can try: upgrade your DLP into a v11.1 MP1 one.

Good luck.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.