Data Loss Prevention

 View Only

  • 1.  Symantec DLP: Monitoring of specific Network Drive/ Shared Directory

    Posted Jan 21, 2014 12:43 AM

    I wanted to monitor activities on only 2 network drives which are connected on our network. Is it possible to achieve this ? If yes, then please share the details.



  • 2.  RE: Symantec DLP: Monitoring of specific Network Drive/ Shared Directory

    Broadcom Employee
    Posted Jan 21, 2014 03:50 AM

    What kind of detection server you used? Endpoint or Network Monitor?



  • 3.  RE: Symantec DLP: Monitoring of specific Network Drive/ Shared Directory

    Posted Jan 21, 2014 05:22 AM

    It is Endpoint Detection Server in Monitoring mode.



  • 4.  RE: Symantec DLP: Monitoring of specific Network Drive/ Shared Directory

    Trusted Advisor
    Posted Jan 21, 2014 03:12 PM

    Ritz84,

    At this point there is no way that you can filter on the network drive.

    Unfortunately this has not been implemented in the product. There is an enhancement request on filtering by inclusion or exclusion for network drives through the endpoint.

    I would reccommend opening a case with SYMC so that you will be notified of its progression.

    Hope this makes sense.

    If this solves your questions please marked as solved.

    Ronak



  • 5.  RE: Symantec DLP: Monitoring of specific Network Drive/ Shared Directory

    Trusted Advisor
    Posted Jan 22, 2014 01:55 AM

    hi ritz,

     what do you want to monitor ? files modifications, files creations, files copy, files access... ?



  • 6.  RE: Symantec DLP: Monitoring of specific Network Drive/ Shared Directory

    Posted Jan 22, 2014 04:27 AM

    Hi Stephane,

    As of now we just want to monitor file transfers from those 2 network drives.



  • 7.  RE: Symantec DLP: Monitoring of specific Network Drive/ Shared Directory

    Posted Jan 22, 2014 04:27 AM

    Hello DLP Solutions,

    Appreciate your valuable comment.

    Thanks.



  • 8.  RE: Symantec DLP: Monitoring of specific Network Drive/ Shared Directory

    Posted Mar 10, 2014 10:19 AM

    Could you build a network exception in the agent filter that only includes the IPs of the file shares you want to monitor?  This doesn't work for most environments as they want additional filtering, but it should work in this one.  Look in the agent configuration toward the bottom.  It looks like the following:

     

    Specify Network filters here to optimize monitoring. These filters will tell the Agent to monitor or ignore network traffic based on IP addresses or domain names.

    IP Filters:

     



  • 9.  RE: Symantec DLP: Monitoring of specific Network Drive/ Shared Directory

    Trusted Advisor
    Posted Mar 10, 2014 12:24 PM

    Jsneed,

    Those IP filters and Domains ONLY apply to HTTP/HTTPS, FTP and nothing else.

    As mentioned above. It is currently NOT possible to filter ANYTHING when it comes to the ENDPOINT agent to filter copies TO or FROM NETWORK SHARES.

    I spoke to the Product Managment Team and there is a FEATURE for this that is going to come in a release that is currently scheduled for the beginning of NEXT year. (there is no guarantee for this)

    If this is a feature more of us want, we ALL need to be vocal. Contact SYMC support and log a case for this needed functionality. The squeeky wheel gets the oil!

    Hope this makes sense.

    If this solves your questions please marked as solved.

    Ronak