Data Loss Prevention

Hello,

I am trying to configure the Symantec Endpoint Encryption flexresponse plugin for a DLP policy.  The flex response plugin seems to be correctly installed at agent level since the following log is generated (endpoint agents\operationlogs\FlexResponse0.log) :

04/13/2016 09:30:24 INFO  74301  PluginHost connected to Agent.

04/13/2016 09:30:24 INFO  74302  PluginHost initialized.

04/13/2016 09:30:24 INFO  74304  PluginHost starts processing new plugin execution request.

04/13/2016 09:30:24 INFO  74305  PluginHost is invoking plugin: EERPlugin_flexresponse

04/13/2016 09:30:24 INFO  74306  PluginHost successfully loaded plugin: EERPlugin_flexresponse

04/13/2016 09:30:24 INFO  74308  Plugin [EERPlugin_flexresponse] remediation action succeeded.

The incidents calling the response rule with the flexresponse configured are showing the issue:

- Flexresponse remediation could not be executed

- FlexResponse Error

The objective is to have a response rule allowing the transfer to external storage only if the documents are encrypted with the Removable Storage Encryption solution. Currently the response rule allows the exchange being the file encrypted or not.

Few prints below (error and response rule):

Am I missing something? Thanks for your support.

Morgado.

hello,

 did you enable this parameter in agent configuration PostProcessor.ENABLE_FLEXRESPONSE.int ?

there is many information available there:

https://www-secure.symantec.com/connect/articles/how-deploy-endpoint-flexresponse

 regards

Thank you for the reply Stephane. Yes..  that setting is turned to 1.

Actually the plugin seems to be working, but it fails during the remediation...

I followed that tutorial and also the Symantec guide SEE-FRP_Implementation_Guide_v2014_11.pdf

BR,

Any more thoughts on this?

Thanks a lot!