Data Loss Prevention

 View Only
  • 1.  Retention issue on compressed (zip) office documents

    Posted May 18, 2015 09:02 AM

    Hello,

    got in touch recently with an issue on incident attachments. If the attachment contains a single office document zip compressed with windows / 7zip / zipmail (didn't test other sw), after downloading the documents for analyse they come up blank / empty; these attachments may have or not policy violations. It's happening for all protocols, from email/smtp to http upload. If the same documents are compressed with more than one document inside, it works just fine.

    We do have in place a Response Rule to retain all attachments (with or without violations for network/endpoint channels).

    Someone has the same issues? Any idea if Symantec is aware of it?

     

    System description:
    Agent: 12.5.0.20035
    System Version: 12.5.1000.01038
    Server type: Enforce server + Endpoint server + Network server

     

    Cheers,

    Morgado

     



  • 2.  RE: Retention issue on compressed (zip) office documents

    Posted May 29, 2015 10:59 AM

    Hello again,

     

    No one is using the retention automated response rule out there? :)

     

    Thanks in advance,



  • 3.  RE: Retention issue on compressed (zip) office documents

    Trusted Advisor
    Posted Jul 09, 2015 09:04 PM

    Morgado,

    I assume this on the Endpoint. I have not seen this issue, so I would open a case on it. It can be policy related or some other anomoly.

    Ronak



  • 4.  RE: Retention issue on compressed (zip) office documents
    Best Answer

    Posted Sep 01, 2015 05:29 AM

    Hello,

    Just a quick update on this issue -

    I opened a case within Symantec and they confirmed this bug: small (less than 100KB) compressed MS Office documents are sometimes not retained in the incident attachments even when there is a response rule saying to keep all attachments (after being downloaded, the files come up blank).

    A hotfix was provided by them and applied with success in 12.5X agents.

    Facts known:
    - Limitation identified since version 11.0
    - Affects only compressed documents
    - It's a design bug, the documents are not properly saved on DB
    - The efficacy of the policy is not a affected, only the attachments are affected

     

    Regards,



  • 5.  RE: Retention issue on compressed (zip) office documents

    Posted Sep 02, 2015 04:05 AM

    Hi Morgado,

    Can you please provide use the link to this hotfix.

    Sure it will help us when we installed endpoint agent.

    Regards.



  • 6.  RE: Retention issue on compressed (zip) office documents
    Best Answer

    Posted Sep 02, 2015 07:05 AM
      |   view attached

    Sure. Find it attached to this post.

     

    Cheers,

    Attachment(s)

    zip
    Hotfix_12.5.2201_Windows.zip   64.28 MB 1 version