
DLP single-tier installation

Created: 29 Oct 2012 • Updated: 04 Dec 2012 | Comments: 18
UFO's picture
This issue has been solved. See the solution.

I have installed SDLP 11.6 in a single-tier installation.

Now I have Enforce and Endpoint servers active on a single physical server. And the Endpoint server is actually Endpoint Discover.

Question: How to install Endpoint Prevent server? Should I install it on a separate server?

Right now I can create policies and generate incidents based on Endpoint, but cannot see that any of the response rules work.

Comments

pete_4u2002's picture

Do you have the license for Endpoint Prevent? If yes, the same server can act as the Prevent server.

UFO's picture

Yes, I have a license for Endpoint Prevent. Thus, should I only check if my response rules are correct? In other words, how could I verify if Endpoint Prevent is really working?

STS: DLP

yang_zhang's picture

YES, you are right. You can create a response rule as end user block to test for your Endpoint Prevent. Then create a policy to use this response rule. By default, if you copy a sensitive file to the USB flash disk, there will be a notification to block your copy.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
UFO's picture

Still unclear. If I set up a response rule to just notify the user, this works. Well, when I put the response to block (e.g. USB copy) this doesn't work. Does Endpoint Discover provide notification functionality? If so, then I do not have Endpoint Prevent in place.

STS: DLP

pete_4u2002's picture

Check under the license tab for the modules you have purchased a license for.

UFO's picture

I do have a license for Endpoint Prevent.

The question is: If I install SDLP in single-tier, where and how should I install Endpoint Prevent? In single-tier I have Oracle and Enforce servers on one physical server. Then in Enforce I can add an Endpoint server (the system doesn't say if it is Discover or Prevent, but it works as Discover, obviously). So, how do I add (install) Endpoint Prevent? On a separate server? Or is this "Endpoint" server in single-tier Discover and Prevent too?

STS: DLP

pete_4u2002's picture

This is how it works: while installing, you are asked to install a detection server. Once installed, you need to activate the license. The license will act whether it's Prevent, Monitor, Discover, etc.

UFO's picture

OK, and in single tier - the Endpoint server acts as Detection only or as both Detection and Prevent?

STS: DLP

pete_4u2002's picture

Yes, it acts provided the license is available. I have copied the screenshot for the license on my server.

You can verify on your system: log in to the DLP console --> System --> Settings --> General

Solution
UFO's picture

Pete, sorry. You say: "yes, it acts provided the license is available". I didn't understand that. Well, is it Detection or both Detection and Prevent? I have a license for both.

STS: DLP

pete_4u2002's picture

:-) Can you post the screenshot of the license page?

If you have both and activated on enforcer, then it will detect as well as prevent (endpoint).

UFO's picture

Am I right: there is now only one Detection server for endpoint, which acts as both Endpoint Discover and Endpoint Prevent, and it is called Endpoint Prevent?

LICENSE: looks the same as you have posted previously, both ED and EP are licensed.

STS: DLP

pete_4u2002's picture

Yes, it is. Can you check by testing if prevent and discover work?

UFO's picture

Thanks. Discover works 100%. Prevent - don't know, if I set Notify User response rule - it does work, but preventing e.g. file from being copied to external USB flash drive - not working. 

STS: DLP

pete_4u2002's picture

Notify will still allow; set it to block.

UFO's picture

You know why it was not working? The response rule trigger was set up for severity=Low. I have checked all Severity choices (using Ctrl) thus making response rule set to execute always and it has worked.

STS: DLP

stumunro's picture

If you are unsure what a license is for, open it up in Notepad; it will tell you everything you need to know.

See example below.

<name>DLP Network Protect</name>
<version>11.5</version>
<start_date>2012-04-16</start_date>
<end_date>2013-06-15</end_date>
<count>5</count>
<warn_policy>1,120</warn_policy>
<grace_policy>1,60</grace_policy>