Data Loss Prevention


Microsoft Exchange ActiveSync 

Jan 17, 2014 01:47 AM

Microsoft Exchange ActiveSync lets you send corporate email from a mobile device. ActiveSync can send email to recipients either inside or outside the corporate network, and it sends that email over HTTP or HTTPS. Any sensitive information transferred internally or externally that violates your policies is blocked.

The following diagram illustrates how corporate messages are sent through ActiveSync:

Note:  The following diagram also applies to iPhones.
 

ActiveSync.PNG

In this example, messages are sent from the iPad email client, which is configured with ActiveSync, through the VPN-connected corporate network. The message is sent as an HTTP/S request. The ActiveSync Server receives the message and sends it on to the Microsoft Exchange Server. The Exchange Server sends the message to the MTA server as an SMTP message. The MTA server sends the corporate message on to the recipient.

You can disable ActiveSync monitoring by filtering.

Ignoring Microsoft Exchange ActiveSync monitoring
 

If you do not want to monitor corporate email messages going through ActiveSync, use the following procedure:


1. On the Enforce Server administration console, go to the Server Settings for the Mobile Prevent for Web Server.
2. In the Request Filtering section, add the host name of the ActiveSync Server to the Ignore Requests to Hosts or Domains field.
3. Click Save.

About deploying Mobile Prevent as a standalone solution
 

When you deploy Mobile Prevent as a standalone solution, no other detection server is deployed with the Mobile Prevent for Web Server. The Mobile Prevent for Web Server interacts with the Enforce Server and the corporate proxy server to monitor and prevent incidents on mobile devices. The following diagram describes how the Mobile Prevent solution fits into your corporate infrastructure:

MobilePreventstandalone.png

 

In this deployment, mobile devices connect to the corporate network through your VPN server. The VPN server assigns each mobile device an IP address. This address lets the device access the internal corporate network. After the device is assigned a unique IP address, all HTTP, HTTPS, and FTP traffic is monitored by the Mobile Prevent for Web Server. Each device must be connected to the corporate network through the VPN. If the VPN connection to the corporate network is lost, Mobile Prevent cannot detect any violations.

iPads and iPhones use a native feature called VPN On Demand to create a secure VPN connection automatically without user intervention. VPN On Demand requires certificate-based authentication to create the connection to the VPN Server.

After the VPN connection is established, traffic is sent through the proxy server and analyzed by Mobile Prevent for Web Server. Traffic between the proxy server and the Mobile Prevent for Web Server is carried over the ICAP protocol. If no violations are discovered, the traffic is sent to its destination, either internal or external. If violations are discovered, an incident is created and response actions are implemented. Incidents are recorded on the Enforce Server.

When a mobile device sends an email through Microsoft Exchange ActiveSync, the HTTP/HTTPS packets are sent to the ActiveSync server. The packets are then sent to the Exchange Server. Any corporate email should go through Microsoft Exchange ActiveSync. Mobile Prevent does not support the SMTP protocol.

Note:  Mobile Prevent does not support response mode (RESPMOD).

For more information about "How Symantec Data Loss Prevention for Mobile works" and how to implement Symantec DLP with mobile, please refer to my previous article:

https://www-secure.symantec.com/connect/articles/how-symantec-data-loss-prevention-mobile-works-how-implement

Deploying Mobile Prevent and Network Prevent together

 

You can also deploy Mobile Prevent with Network Prevent. The following diagram describes how the two products will fit into your corporate infrastructure.

MP&NP together.PNG

 

Please see Deployment options for Mobile Prevent.
 

https://www-secure.symantec.com/connect/articles/how-symantec-data-loss-prevention-mobile-works-how-implement

In this scenario, the Mobile Prevent for Web Server and the Network Prevent Server are deployed as a single detection server. The combined detection server is called Network and Mobile Prevent for Web Server.

In this combination deployment, mobile devices still connect to the corporate network through your VPN server. The VPN server assigns each mobile device an IP address. In this combination deployment, you must specify a range of IP addresses that the VPN server uses for the Mobile Prevent subnetwork. By using a specific range of IP addresses, Symantec Data Loss Prevention can identify Mobile Prevent incidents. After the device is assigned a unique IP address, all HTTP, HTTPS, Microsoft Exchange ActiveSync email, and FTP traffic is monitored by the Network and Mobile Prevent for Web Server. Each device must be connected to the corporate network through the VPN. If the VPN connection to the corporate network is lost, Mobile Prevent cannot detect any violations.

After the VPN connection is established, traffic is sent through the proxy server and analyzed by Network and Mobile Prevent for Web Server. If no violations are discovered, the traffic is sent to its destination. If incidents are generated through mobile devices, the incidents are labeled as Mobile incidents and appear in the Mobile incident page. If incidents are generated through data flowing through your corporate network, incidents are labeled as Network Prevent incidents.

Note: Deploying Mobile Prevent and Network Prevent together may negatively affect the performance of the Network Prevent Server. Performance may be affected if the mobile device traffic is from low-speed 3G networks and has a higher latency than Network Prevent traffic.
 

Advanced server settings

Use the Server Settings tab of a detection server's System > Servers > Overview > Server Detail screen to modify the settings on that server.

Use caution when modifying these settings on a server. It is recommended that you check with Symantec Support before changing any of the settings on this screen. Changes to these settings normally do not take effect until after the server has been restarted.

There are no advanced settings on the Enforce Server that can be modified from its server detail screen.

Detection server advanced settings

Setting: Icap.ExchangeActiveSyncCommandsToInspect

Default: SendMail

Description: A comma-separated, case-sensitive list of ActiveSync commands which need to be sent through Symantec Data Loss Prevention detection. If this parameter is left blank, ActiveSync support is disabled. If this parameter is set to "any", all ActiveSync commands are inspected.
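The following Python sketch is an added example, not Symantec code. It models the three settings described on this page (the ignored-hosts filter, the ActiveSync command list, and the Mobile Prevent VPN address range) so that you can check a planned configuration against sample requests and catch case mismatches in the command list. Assumptions: the ActiveSync command is read from the plain-text Cmd query parameter, the ignore filter is treated as an exact host-name match, "any" is matched exactly as written, and all host names, addresses and function names are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Subset of ActiveSync command names; the setting matches them case-sensitively.
KNOWN_COMMANDS = {"Sync", "SendMail", "SmartForward", "SmartReply", "GetAttachment",
                  "FolderSync", "MoveItems", "ItemOperations", "Search", "Ping"}

def parse_setting(value):
    """Return (mode, commands, warnings) for Icap.ExchangeActiveSyncCommandsToInspect."""
    value = value.strip()
    if not value:
        return "disabled", set(), []      # blank: ActiveSync support is disabled
    if value == "any":
        return "all", set(), []           # "any": every command is inspected
    commands = {c.strip() for c in value.split(",") if c.strip()}
    by_lower = {k.lower(): k for k in KNOWN_COMMANDS}
    warnings = [f"{c!r} will not match; did you mean {by_lower[c.lower()]!r}?"
                for c in sorted(commands)
                if c not in KNOWN_COMMANDS and c.lower() in by_lower]
    return "list", commands, warnings

def decide(url, client_ip, setting, ignored_hosts, mobile_range):
    """Model (not product logic) of how one proxied request is treated."""
    parts = urlsplit(url)
    # Assumption: "Ignore Requests to Hosts or Domains" modeled as exact host match.
    if (parts.hostname or "") in ignored_hosts:
        return "ignored"
    in_range = ipaddress.ip_address(client_ip) in ipaddress.ip_network(mobile_range)
    label = "mobile" if in_range else "network"   # incident label by source address
    if parts.path.lower() == "/microsoft-server-activesync":
        mode, commands, _ = parse_setting(setting)
        cmd = parse_qs(parts.query).get("Cmd", [""])[0]
        if mode == "disabled" or (mode == "list" and cmd not in commands):
            return "not-inspected"
    return label + "-inspected"

# Constructed sample data: host name and VPN range are placeholders.
EAS = "https://eas.example.com/Microsoft-Server-ActiveSync?User=alice&Cmd="
MOBILE_RANGE = "10.20.0.0/24"

if __name__ == "__main__":
    print(parse_setting("sendmail,SmartReply")[2])
    for cmd in ("SendMail", "Sync"):
        print(cmd, decide(EAS + cmd, "10.20.0.7", "SendMail", set(), MOBILE_RANGE))
```

Devices whose ActiveSync client uses the base64-encoded query string are outside what this sketch parses.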
                                     


 

 

 

 

 

 

 

 
