Application monitoring lets you monitor third-party applications for IM, email, or HTTP/S clients. By default, Symantec Data Loss Prevention only monitors first-party applications such as AIM, Microsoft Outlook, or Mozilla Firefox. Examples of third-party applications include Skype, Mozilla Thunderbird, or Google Chrome. Any application that is not specifically monitored by Symantec Data Loss Prevention must be added to the Application Monitoring page before Symantec Data Loss Prevention can begin monitoring. For example, if your company uses Mozilla Thunderbird, you must add Mozilla Thunderbird to the Application Monitoring page. You need to add the application because Mozilla Thunderbird is not monitored by default. After Mozilla Thunderbird is added, Symantec Data Loss Prevention monitors the file attachments that are sent by the email client through the network.
Additionally, you can configure global changes to default applications. You can associate blacklist or whitelist metadata to network monitoring, CD/DVD applications, and the applications that use print/fax or Clipboard functions. You can also specify if you do not want Symantec Data Loss Prevention to monitor applications for network, print/fax, Clipboard, or file system activities. For example, you may want to exclude Clipboard activities on Microsoft Outlook. You would edit the settings for Microsoft Outlook to exclude Clipboard activity on the application fingerprinting page. The applications on this page are only the applications that you want to modify for network, print/fax, Clipboard, or file system monitoring.
The Application Monitoring page displays the list of currently monitored CD/DVD applications. If you do not see the specific CD/DVD application you need, you must add that application to the list.
List of CD/DVD applications :
The following table describes the supported CD/DVD burning applications and the supported versions. If you have a different CD/DVD burning software application, you can add your CD/DVD application to the list of recognized burning applications. After you have submitted your CD/DVD application, Symantec Data Loss Prevention incorporates your CD/DVD burning software into its system. To include your CD/DVD burning software, contact Symantec Support. You cannot delete or modify any pre-existing burning applications.
Brand names and binary names of CD/DVD burning software contains a list of the brand names of the third-party CD/DVD burning software as well as the binary name of the specific versions.
Brand name Binary name
Blindwrite BW.exe
Burn At Once mkisofs.exe
BurnAware Free Edition burnaware_data.exe
CheetahBurner CheetahBurner.exe
CopyToDVD c2cman.exe
CopyToDVD copytocd.exe
Cheetah DVD CheetahBurner.exe
Cheetah CD CheetahBurner.exe
CommandBurner CmdBurn.exe
DeepBurner DeepBurner.exe
GEAR for Windows gear.exe
Nero nero.exe
Nero express essentials 7 nero.exe
NeroStartSmart NeroStartSmart.exe
RecordNow RecordNow.exe
Roxio drgtodsc drgtodsc.exe
Roxio Mediahub Mediahub.exe
Roxio5 Creatr50.exe
Roxio9 Creator9.exe
Roxio10 Creator10.exe
Roxio_Central33 Roxio_Central33.exe
Roxio_Central36 Roxio_Central36.exe
SilentNight Microburner microburner.exe
StarBurn StarBurn.exe
Note: When you use a CD/DVD writer, small text files of less than 64 bytes are not detected during a burn to ISO. Text files over 64 bytes in size are detected normally.
Note: You can remove any application that you add, but you cannot remove a pre-populated application.
Additionally, you can add details about the publisher name for the application. The publisher name details the maker of the software. Adding the publisher name lets Symantec Data Loss Prevention verify the application even if the binary name has been changed. Primarily, the publisher name is used for identifying Symantec processes. However, you can add the publisher name for any of your applications. Adding the publisher name is optional.
Below I will explain you how to add an application to monitor. To add an application, please follow the below procedure.....
Adding an application :
The Add Application Monitoring page can be used to add third-party applications to monitoring policies. Third-party applications can include the following types of applications:
CD/DVD applications (for example, Roxio)
Internet browsers (for example, Google Chrome)
IM applications (for example, Skype)
SMTP applications (for example, Mozilla Thunderbird)
Adding an application
Procedure Step 1 : Under the Application Information section, You must enter at least one of the following fields:
@ Name
@ Binary Name
@ Internal Name
@ Original Filename
@ Publisher Name
If you enter the Publisher Name, you can choose to select the Verify publisher name option. This option ensures that the publisher name of the application is correct. Using the Verify publisher name option may affect performance as it increases system resources.
Procedure Step 2 : Under the Application Monitoring Configuration section, select one or more of the following monitoring options:
@ Network Access
@ Print/Fax
@ Send to Clipboard
@ Filesystem Activity
Procedure Step 3 : If you have selected Filesystem Activity, you can select one of the following options:
@ Monitor Application File Access
@ Monitor writing to CD/DVD
Selecting the Application File Access or CD/DVD options lets you choose to monitor the files that the application opens or the files that the application reads.