Data Loss Prevention

 View Only

Symantec DLP doesn't have permission to scan Content roots on Sharepoint

  • 1.  Symantec DLP doesn't have permission to scan Content roots on Sharepoint

    Posted Dec 18, 2014 07:25 AM

    We have


    1) Microsoft SharePoint Server 2013 on Windows Server 2008 R2, 64-bit
    2) Symantec Data Loss Prevention 12.5.0.20035 on Red Hat
    3) Symantec SharePoint Solution (SharePoint Client) has been installed on the windows system

    We have created some sample site collections and pages which can be accessed from the browser at the following urls:

    1) http://XXX.XXX.XX.XX/SitePages/NewPage.aspx (which has the following sample contents)

    ​​{Hi this is a page for storing passwords:

    a) User 1: password 12345
    b) User 2: password 09876
    c) User 3: password qwerty}

    But somehow while accessing it via browser, the url redirects to http://XXX.XXX.XX.XX/_layouts/15/start.aspx#/SitePages/NewPage.aspx

    So we checked the settings in "Site Settings"->"Site Features"->"Minimal Download Strategy" which is deactivated by default.

    2) Similarly we created other contents as the following
        http://XXX.XXX.XX.XX/Lists/DataSheet/Allitemsg.aspx
        http://XXX.XXX.XX.XX/PwdDoc/Forms/AllItems.aspx

    3) Also as per

    i) https://www-secure.symantec.com/connect/articles/configuring-and-running-sharepoint-server-scans-how-set-scans-sharepoint-servers (POINT vi)

    ii) http://www.symantec.com/business/support/index?page=content&id=TECH218866

    we have changed the permissions accordingly

    ---------------------------------------------------------------------------------------------------
    Farm Administrators: View Site Collection Permissions

    URL                                         Permission Level
    http://XX.XXX.XX.XX:17966    Full Control, Design, Edit, Contribute, Read
    ---------------------------------------------------------------------------------------------------
    Central Administration: View Site Collection Permissions

    URL                                         Permission Level
    http://XX.XXX.XX.XX:17966    Full Control, Design, Edit, Contribute, Read
    ---------------------------------------------------------------------------------------------------

    Also see the attached ScreenShot1.png and ScreenShot2.png

    4) So after all these configurations when we configure a scan for the following "Content roots" with the proper credentials for
        (a) BUILTIN\administrator (b) WIN-RE0JBMQ6F6U\administrator

        (i) http://XX.XXX.XX.XX:17966/  
        (ii) http://XX.XXX.XX.XX/  
        (iii) http://XX.XXX.XX.XX/SitePages/NewPage.aspx  

    we get the following errors

    Failed to initialize scan for content root http://XX.XXX.XX.XX:17966/. Reason: Unknown error. See the log files for details.

    http://XX.XXX.XX.XX/ Failed to initialize scan for content root http://XX.XXX.XX.XX/. Reason: Unknown error. See the log files for details.

    http://XX.XXX.XX.XX/default.aspx User WIN-RE0JBMQ6F6U\administrator does not have permissions to scan http://XX.XXX.XX.XX/SitePages/NewPage.aspx 

    The logs don't help as they have this same content.

    Please help!