Video Screencast Help

symantec DLP policies need to be created

Created: 12 Feb 2013 • Updated: 13 Mar 2013 | 4 comments
Nagaraj Kukke's picture
This issue has been solved. See solution.

Hi,

I have installed test enforce server in our network, need to add the policy for content based blocking, filetype blocking, attachment blocking, printing the content bease in enforce server, need step by step steps to configure all these policies in ferver.

 

Nagaraj Kukke

Comments 4 CommentsJump to latest comment

kishorilal1986's picture

Hi Nagraj,

To achieve above task first u need to install network or endpoint components on which u wanted to blocj such content based on content/filetype.U can create test policy and configure to block (DCM) -keywords to block and apply on each componet i.e network or endpoint.

 

Open the policy in question that is triggering the incidents and blocking confidential information being sent.

1. Set an exception on the Detections tab of the policy for the relevant user's actions*. 
2. Open the policy in question. 
3. On the Detection tab click on the Add Exception button
4. Under Protocol check the option Protocol or Endpoint Monitoring
5. Then click on the Next button. 
6. Enter an Exception Name
7. Under Conditions select the options required by ticking each box required. eg. HTTP, SMTP, Local Drive, Removable Storage, Copy to Network Share, Clipboard,..etc.
8. Go to the bottom and select the dropped Also Match down box and look for and select Sender/User Matches Pattern
9. Click on Add button
10. A new box will appear on screen for Sender Pattern, enter the domain username of the users you want to exclude from the policy. 
11. Click OK button to finish.

Check the chapter on  'Authoring policies' in Admin Guide >

https://www-secure.symantec.com/connect/forums/cre...

https://www-secure.symantec.com/connect/articles/c...

https://www-secure.symantec.com/connect/articles/c...

https://www-secure.symantec.com/connect/articles/d...

https://www-secure.symantec.com/connect/forums/cre...

SOLUTION
UFO's picture

First of all you should configure your Endpoint server. If you haven't install endpoint agents so far - you should refer to Adminstrator's Guide on how to install them.

Then in SDLP console you should go to System > Agents > Agent Configuration and make sure that it is relevant for your policies (has checkboxes marked for each possible way to loose sensitive data: CD/DVD, USB, etc).

After setting up agent confgiguration go to Manage > Policies and create new policy. It will have three tabs. All you need is to set up detection rules on the left tab, and response rules on the right.

STS: DLP

kishorilal1986's picture

Hi Nagraj,

Did u checked my above thread links and expaination which will answer you. plz let me know if anything specific u want...

Nagaraj Kukke's picture

Hi Sorry for late reply dew to license issue we were not able to work on it finally Symantec have responded 

 

Regards,

nagaraj kukke

 

Thanks & Regards,

Nagaraj Kukke