Académique Documents
Professionnel Documents
Culture Documents
Legal Notice
Copyright 2016 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo and the Checkmark Logo are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other
names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED
CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL
NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION
WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE
INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE
WITHOUT NOTICE.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Contents
Chapter 1
Introduction
........................................................................... 5
Chapter 2
5
6
6
6
7
7
7
7
8
8
Contents
Chapter 3
16
16
17
17
17
18
20
20
21
21
22
22
23
23
24
26
26
30
30
32
40
40
43
43
43
47
47
48
48
49
49
Chapter
Introduction
This chapter includes the following topics:
What's new and what's changed in Symantec Data Loss Prevention 14.6
Finding information about Symantec Data Loss Prevention Cloud Prevent for
Microsoft Office 365
Finding information about Symantec Data Loss Prevention Cloud Service for
Email
Finding information about Symantec Data Loss Prevention Cloud Service for
Discovery
Finding information about the Symantec Data Loss Prevention Cloud Service
Connector
Introduction
What's new and what's changed in Symantec Data Loss Prevention 14.6
2.
3.
Go to
https://support.microsoft.com/en-us/kb/2919355
and install KB2919355.
2.
Go to
https://support.microsoft.com/en-us/kb/2919442
and install KB2919442.
Introduction
Upgrading Symantec Data Loss Prevention 14.6
Introduction
Finding information about the Symantec Data Loss Prevention Cloud Service Connector
If you are implementing Symantec Data Loss Prevention Cloud Service for
Discovery, see the Symantec Data Loss Prevention Getting Started with the
Symantec Data Loss Prevention Cloud Service for Discovery guide. This guide is
available here:
http://www.symantec.com/docs/DOC9384
Chapter
Fixed issues
This chapter includes the following topics:
Issue ID
Description
3951942
Some Data Loss Prevention Oracle TYPE objects are recreated as BYTE instead of CHAR storage
for their char and varchar components during upgrade. This leads to the SQLException: inserted
value too large for column.
4013746
Fixed issues
Fixed issues in 14.5 Maintenance Pack 1
Issue ID
Description
4010392
Duplicate entries for agents upgraded from versions pre-12.5 to 12.5 or later.
4005713
After you create a Scan Detail with a WalkID greater than 999, when you open the Scan Detail
report from the Scan History pane, an exception is generated.
Issue ID Description
3947630 (Server Detection) The Form Recognition profile state shows "Indexing Found some Unusable files" while
the usable forms count is correct.
3950720 (Server Detection) The CUSIP DI rule doesn't detect CINS, PUT, CALL and numbers with spaces.
3961271 (Server Detection) Incidents for some PDF files are not generated for the File Type policy.
3965750 (Endpoint Detection) The Endpoint agent can detect some, but not all, password-protected file types inside
a zip file.
3973120 (Server Detection) For Form Recognition, a match is not detected for all images in a multi-page tiff.
3975347 (Server Detection) Unable to index Form Recognition profile.
3975466 (Server Detection) Need new validator for NIB numbers for upgrader file.
Issue ID Description
3936171
(On-premises Discover) SharePoint FlexResponse Plugin does not quarantine files on SharePoint 2010.
10
Fixed issues
Fixed issues in 14.5 Maintenance Pack 1
Table 2-4
Issue ID Description
3946944
(Cloud Discover) The Exclude Users/User Paths filter for Cloud Storage Discover targets is case sensitive.
User and user lists must be entered in lowercase characters only.
3950998
3958481, (Cloud_Discover) Scheduled scan does not work and gives a "no authorization is defined" message.
3974757
3965509
(On-premises Discover) Collaborator remains between the scanning user and quarantine user when the
quarantine user storage limit is exceeded or there is no permission to upload the file to the quarantine
user.
3965516
(On-premises Discover Box) User exclude path causes the collaborated folder to be skipped during
scanning.
3965521
(On-premises Discover) The User/folder exclusion is case sensitive and must be in lowercase to work.
3966475
(On-premises Discover Box) Duplicate entries of ALI Files are shown in the ownerBasedFilePath
field of the metadata file.
3966478
(On-premises Discover) An error appears when a visual tag action is deleted from response rule.
3966480
(On-premises Discover Box) If a Box user has the same display name as another Box user, Data Loss
Prevention scans only one user out of the same-name users.
3966678
SharePoint scans only run for a short time after upgrade to 14.0.2.
3969788
(Cloud Discover) Incremental and deduplication filters should fail an item and not the crawl if the item key
or item set key is unobtainable.
3969789
3969940
(Cloud Discover Box) When you click Queued or Scanning in the Scan Status column to view the scan
history for a specific target, you see an error message instead of the different walks for the specified target.
3970141
(On-premises Discover) SharePoint scans terminate on receiving a SOAP fault exception instead of
skipping that item and continuing with the rest of the items.
3971364
(Cloud Discover) Ths exclude user/userpath filter for OneDrive target is not enabled by default. Users
must add a property to manager.properties to enable the exclude user/ userpath filter.
3974517
(Cloud Discover) Running a scan after a monitor controller restart results in an authorization issue. Entries
are deleted from the scan container on Monitor Controller restart.
3975111
(Cloud Discover) Box visual tag addition fails when the log is enabled at FINEST level.
3975112
(Cloud Discover) Box visual tag addition fails when the tag contains special characters.
11
Fixed issues
Fixed issues in 14.5 Maintenance Pack 1
Table 2-4
Issue ID Description
3975113
(Cloud Discover) Processed count shows as completed for the scanning user when Scan is in a Paused
state.
3975116
(Cloud Discover) Box file downloading error message contains placeholders such as 0 or 1.
3976188, (Cloud Discover) Item ID, Location, and File Owner information is missing from the Access Information
3980863 CSV file.
Issue ID Description
3920309
3923265, (Endpoint General) Failure to monitor WebSocket protocol in browsers on the Endpoint Agent.
3964478
3953100
(Endpoint General) An Agent event with an extended value greater than 4Kthat is received by Monitor
Controller with incorrect transient SQL exception handling results in an endless MonitorController loop
and agent data persistence outage.
3954340
(Endpoint Detection) Exclude prefix does not work for the Endpoint Agent.
3962271
(Endpoint General) VFSMFD and other drivers are not protected against tampering through the registry.
3962282
3962284
(Endpoint General) Symantec Data Loss Prevention fails to detect file upload to Google Drive by Gmail
with Internet Explorer 11 and Firefox 46.
3962285
(Endpoint General) Symantec Data Loss Prevention cannot detect the photos that are uploaded to
photos.google.com.
3962290
(Endpoint General) Agent crashes when Microsoft System Center 2012 R2 is launched.
3970310
(Endpoint General) Sensitive content posted on media.daum.net it is not monitored on Symantec Data
Loss Prevention versions 12.5.2, 14.0.1, and 14.5 when using Internet Explorer and Firefox.
3970731
3970993
(Endpoint Detection) The file name in ZIP is reported as DefaultFileName if the file name is not encoded
by UTF-8.
3972200
(Endpoint General) The Endpoint agents get an Application error in brkrprcs64.exe after each reboot.
12
Fixed issues
Fixed issues in 14.5 Maintenance Pack 1
Table 2-5
Issue ID Description
3972225
(Endpoint General) The UI_CONSECUTIVE_TIMEOUT setting does not work for values lower than 10
seconds.
3973289
(Endpoint General) With Outlook 2016 a restart is necessary when the agent is upgraded to the latest
version.
3980698
(Endpoint General) SharePoint FlexResponse Plugin does not quarantine files on Sharepoint 2010 because
of a java.net.NetPermission issue with SharePoint connector quarantine.
3980699
(Endpoint General) Chrome crash after copy with Symantec Data Loss Prevention endpoint agent installed.
3984489
(Endpoint General) OneDrive data and SharePoint data are not detected with the latest new user interface
for a Microsoft for Business account.
3984575
(Endpoint General) SharePoint 2016 quarantine fails but does not reflect the failure state on the incident
report.
3986665
(Endpoint General) When you use Firefox and Internet Explorer HTTPS monitoring, the attached and
uploaded sensitive files on OneDrive from Outlook.com are not monitored.
3995791
(Endpoint General) Mac OS X crashes when Symantec Data Loss Prevention tries to access the
Chinese/Japanese/Korean network share path with the long form of the along path.
Issue ID Description
3984451 Endpoint response message box returns Thai language at Allow and Cancel options.
3988150 Firefox and Chrome crash when the end-user attempts to copy text or a website URL for some websites
in Turkish.
Issue ID Description
3961101 (Enforce) Data Insight login functionality is broken for passwords having special characters.
13
Fixed issues
Fixed issues in 14.5
Table 2-7
Issue ID Description
3966769 (Enforce) There is a performance issue with the Pending attributes lookup SQL query where the Enforce
UI hangs or there is a delay in Manager startup.
3982978 Not able to quarantine files with double byte character set file name with SharePoint Quarantine
FlexResponse plug-in.
3987642 (Enforce) Quarantine FlexResponse filesystem is not resetting the last access date.
3988383 (Policy Content) Need to modify Credit Card Number DI to support new MasterCard BIN range.
Issue ID Description
3753839 The FileReader failed to start when the EventLog Startup event (code 6005) was missing from the Windows
System Event queue.
Issue ID Description
2559510 Network Discover did not scan mailbox archives when using an alias for the mailbox name.
3701715 Editing Directory connections that had been indexed was very slow on upgraded systems.
3723941 Symantec Data Loss Prevention truncated content root paths that included the "&" character.
3909265 Cloud Storage Discover did not clean up temporary KV**** files from the temp directory.
14
Fixed issues
Fixed issues in 14.5
Issue ID Description
2128427 The Print/Fax incident detail page displayed "unknown" as the printer name for incidents in Microsoft Word
files.
3717453 The Symantec Data Loss Prevention Agent loaded post-processor commands incorrectly, reversing the
order of commands and conditions with numeric values, such as the Severity condition. This is an agent-side
fix.
3805717 EDM detection failed for documents in the body or attachment of Microsoft Outlook emails. This is an
agent-side fix.
3807139 Policy exceptions did not work for URLs or Groups.
3857040 Symantec Data Loss Prevention did not detect sensitive keywords in the Notes section of master slides in
Microsoft PowerPoint. This is an agent-side fix.
3930738 Printing PDF files from the web using Microsoft Internet Explorer took longer than expected.
Issue ID Description
3695349 In some localized versions of Symantec Data Loss Prevention, selecting "bytes" as a file attribute caused
an unexpected error.
Issue ID Description
3703898 Incident components were encrypted with an unknown key and could not be decrypted by the Enforce
Server.
3719685 The Monitor Controller occasionally failed to send data to detection servers because of outdated or missing
locator objects (LOBs).
3767165 The total incident count in the incident summary exceeded the Java Integer.MAX_VALUE, and appeared
as negative value in the Enforce Server administrative console.
15
Fixed issues
Fixed issues in 14.0.2
Table 2-12
Issue ID Description
3771585 Filtering incidents by the "Incident Notes" field did not work correctly.
3869321 The AdminPasswordReset tool did not work correctly on upgraded systems.
3884745 Symantec Data Loss Prevention users were unable to renew their passwords when accessing the Enforce
Server administrative console on Microsoft Internet Explorer 11.
3885164 Symantec Data Loss Prevention frequently displayed the system alert Agent data batch persist
error - code 4050 - Null Pointer Exception in Monitor Controller.
3891897 Symantec Data Loss Prevention failed to synchronize with Active Directory, returned a Null Pointer exception.
3895006 The System > Login Management > Roles > Users page displayed user names in random order.
3931600 Symantec Data Loss Prevention occasionally encountered invalid character errors due to an issue in
ojdbc6.jar.
3936251 Symantec Data Loss Prevention occasionally encountered unexpected errors due to a change in the SSN
data identifier.
Issue ID Description
3892499 The upgrade process failed at the migration stage with the error ORA-06502: PL/SQL: numeric or
value error: number precision too large.
16
Fixed issues
Fixed issues in 14.0.2
Issue ID
Description
3905447
3910388
The Custom Script Validator was unstable when parsing scripts that included "if" statements.
Symantec Data Loss Prevention includes a new version of the Custom Script Validator. To enable
this new version, add the following line to the
SymantecDLP/Protect/config/protect.properties file on the Enforce Server and each
detection server:
customscriptengine.validator.version = 3.0
3915894
Symantec Data Loss Prevention did not extract and detect content encoded in UTF-8 properly.
Issue ID
Description
3903579
Symantec Data Loss Prevention did not properly detect Korean characters.
Description
3849050, 3901029 The Save button was disabled after adding a new content root to a Discover target.
3898060
Discover scans of Microsoft SharePoint 2010 targets failed if any list item contained an invalid
character in its description.
3901031
A paused Discover scan will not restart after being moved to another Discover server.
3901033
3901034
Symantec has improved the Scan Details logs to support better automatic parsing.
17
Fixed issues
Fixed issues in 14.0.2
Table 2-16
Issue ID
Description
3906215
3908853
Box scans fail completely if a Box API error occurs while fetching the child objects from a folder.
3908857
3908859
Cloud Storage Discover returned an inaccurate user count for Box user groups.
3908860
Symantec Data Loss Prevention did not display an accurate error message when you entered
an invalid scan schedule.
3908863
For Box scans, Symantec Data Loss Prevention displayed the label "Box" in the Processed
Fields column of the Scan Details page, rather than the correct label "Users."
3921903
After deleting content roots from a Discover scan target, you could not add new content roots
directly.
Issue ID
Description
3886958
After upgrading the DLP Agent on Mac, response rules failed for policies that included more than
a single response rule.
3894844, 3897692 The DLP Agent on Windows did not monitor files uploaded to Google Drive due to a file permission
error.
3897595
Installing the DLP Agent on Mac occasionally caused kernel panics and reboot loops. This is an
agent-side fix.
3897596
The DLP Agent did not throttle network communication as specified in the Enforce Server
administration console.
3897597
The DLP Agent caused a fatal system error on the endpoint computer when viewing the file
properties of files on Andrew File System (AFS) drives. This is an agent-side fix.
3897607
The DLP Agent caused endpoint computer applications to quit unexpectedly when users copied
data from those applications and Clipboard Monitoring was enabled. This is an agent-side fix.
3897691
3897696
The DLP Agent did not detect all sensitive content when uploading multiple files to 2shared.com.
This is an agent-side fix.
18
Fixed issues
Fixed issues in 14.0.2
Table 2-17
Issue ID
Description
3897699
The DLP Agent quit unexpectedly when monitoring files with file names exceeding 260 characters.
This is an agent-side fix.
3897703
The AttributeQueryResolver tool returned an incorrect value for the AgentHostVersion of Microsoft
Windows 10 endpoint computers.
3899115
The URL field in HTTPS incident snapshots displayed the IP address rather than the proper URL.
This is an agent-side fix.
3901038
The DLP Agent occasionally caused fatal system errors on 32-bit endpoint computers. This is
an agent-side fix.
3901040
Endpoint computer users occasionally encountered an error related to NSS3.dll when starting
Firefox. This is an agent-side fix.
3901041
The DLP Agent encountered occasional problems parsing text in MIME format sent in web emails.
This is an agent-side fix.
3901042
The DLP Agent caused the endpoint computer to drop its connection to a mapped DFS file share
when users copied files to that mapped share. This is an agent-side fix.
3901043
The Endpoint Copy to Share feature caused "could not lock file" errors when two users accessed
the same Microsoft Access MDB or ACCDB files. This is an agent-side fix.
3904143
The DLP Agent caused fatal system errors on endpoint computers running Symantec Endpoint
Protection and configured to monitor Microsoft Office files with Invincea. This is an agent side
fix.
3909401, 3922454 The DLP Agent prevented virtual machines from starting when installed on Citrix XenApp 7.6
servers. This is an agent-side fix.
3910883
The DLP Agent caused Google Chrome to become unresponsive after a user pasted clipboard
content into Chrome. This is an agent-side fix.
3911614
The DLP Agent caused high CPU usage on endpoint computers when users browsed the web
using Microsoft Internet Explorer with HTTPS monitoring enabled. This is an agent-side fix.
3913682
The DLP Agent occasionally caused explorer.exe to fail to load on Microsoft Windows endpoint
computers. These computers would display only a black screen. This is an agent-side fix.
3915744
The DLP Agent now functions on endpoint computers running in Windows Safe Mode. This is
an agent-side fix.
3922010
The DLP Agent occasionally caused Java overlapping I/O errors when Network Share monitoring
was enabled. This is an agent-side fix.
19
Fixed issues
Fixed issues in 14.0.2
Table 2-17
Issue ID
Description
3923238
Endpoint computers with the DLP Agent and Websense DCEP and Proxy installed became
unresponsive. This is an agent-side fix.
Issue ID
Description
3901037
The User Cancel dialog box had a mistranslation of the word "Allow" in the German locale. This
is an agent-side fix.
Issue ID
Description
3873394
The uniform naming convention (UNC) path could not be resolved for incidents exported to CSV
files.
3892472
Symantec Data Loss Prevention failed to generate the ZIP archive of policy details for policies
with missing or undefined information.
3895012
Symantec Data Loss Prevention did not clean up locator objects (LOBs) from the Oracle database
TEMP tablespace, resulting in a memory leak in that tablespace.
3895014
Symantec Data Loss Prevention garbled some incident data because the SYSTEM cryptographic
key in the Oracle database was overwritten after registering a new Endpoint detection server, or
enabling the Endpoint channel on an existing detection server.
3895016
The MonitorController0.log file displayed multiple null pointer exception error alerts while
processing endpoint agent information.
3897511
DLP users were displayed in a random order on the Users tab of the System > Login
Management > Roles > Configure Role page.
3897616
The Enforce Server failed to automatically connect to the Symantec Cloud Gateway after a DNS
resolution failure.
3900158
User synchronization failed due to a null pointer exception when synchronizing the Active Directory
source.
20
Fixed issues
Fixed issues in 14.0.1
Table 2-19
Issue ID
Description
3904182
The detection server configuration page was very slow to load in the Enforce Server administration
console.
3916379
Network Monitor and SMTP Prevent did not work when the Enforce Server was connected to
both an on-premises detection server with packet capture and a cloud detector.
3917580
Symantec Data Loss Prevention 14.0.2 includes a more comprehensive solution for the numeric
overflow issue introduced in Symantec Data Loss Prevention 12.x. For more information about
this issue, see these articles at the Symantec support site:
http://www.symantec.com/docs/ALERT1836 and http://www.symantec.com/docs/TECH230477
3917648
Editing a Discover target prevented all other Discover targets in the same policy group from being
concurrently edited. The Enforce Server administration console displayed the error message
"The scan assignment is currently locked by another user."
3919403
Cloud detectors encountered issues when reading policy data provided by the Enforce Server.
Issue ID Description
3797881 Incident counts were lower for detection servers on Microsoft Windows Server 2008 platforms than for
those on Red Hat Enterprise Linux 5.x platforms.
3790152 "Sender-matches" pattern rules did not work correctly for HTTP incidents.
3804060 Exact-match IDM detection failed for some files.
3805718 EDM detection failed for message bodies and attachments in Microsoft Outlook.
3807155 Directory group and domain exceptions did not work as expected.
21
Fixed issues
Fixed issues in 14.0.1
Table 2-20
Issue ID Description
3821980 Group directory indexing occasionally failed due to LDAP OBJECT_NOT_FOUND errors.
Symantec Data Loss Prevention 14.0.1 includes a new Indexer.properties setting to address this issue:
com.vontu.profiles.directoryconnection.maxObjectNotFound.
For information about configuring this setting, and additional information about directory user group indexing,
see this article at the Symantec Knowledge Base: http://www.symantec.com/docs/TECH232712.
3826651 DCM detection on PDF files did not work as expected.
Issue ID
Description
3789420
After upgrading to Symantec Data Loss Prevention 12.5, editing access to indexed directory
connections was very slow.
3797890
Content root paths entered directly in a Network Discover target were truncated at the "&" symbol.
3801397
In Box Crawler incident reports, the string "Box" was replaced by the number "43."
Description
3816059, 3839227 Three new advanced server settings have been introduced in Symantec Data Loss Prevention
14.0.1: CONNECT_DELAY_POST_WAKEUP_OR_POST_VPN_SECONDS,
NetworkMonitor.NETWORK_THREAD_CONCURRENCY_COUNT.int, and
NetworkMonitor.NETWORK_REQUEST_QUEUE_COUNT.int.
For information about these advanced server settings, see the latest version of the Symantec
Data Loss Prevention Administration Guide here: http://www.symantec.com/docs/DOC8734
22
Fixed issues
Fixed issues in 14.0.1
Issue ID
Description
3781882
The agent start delay to fetch the user locale was hard-coded to one second. The delay time is
now customizable.
To customize the agent start delay time, follow this procedure:
Navigate to the Agent Configuration page: System > Agents > Agent Configuration.
On the Advanced Agent Settings tab, enter an integer value between 1 and 20 for the
LocalizationManager.LOCALE_RECEIVING_DELAY_ON_NEWUSER_LOGON_IN_SECONDS.int
setting.
Click Save.
3790590
Endpoint location awareness was delayed after endpoint startup, resulting in false positive
incidents.
3790633
3790638
Multiple notifications were displayed when users saved files to the Microsoft OneDrive sync folder.
3797883
Printer/Fax incident details did not identify the printer for Microsoft Word documents. The printer
was labeled "Unknown."
3804794, 3836926 The TIMS database application was unavailable when the DLP Agent was deployed on a Citrix
virtualized desktop.
3830719
The DLP Agent did not block files uploaded through the Microsoft Silverlight plug-in.
3834739
DLP Agent HTTP monitoring performance has been improved in Citrix XenApp environments.
3844329
Users experienced poor performance when accessing or adding to Microsoft Internet Explorer
Favorites.
Issue ID Description
3735480 If you were using Oracle 12c for your Symantec Data Loss Prevention database, you could not upgrade
your Symantec Data Loss Prevention installation.
23
Fixed issues
Fixed issues in 14.0.1
Issue ID
Description
3796483
When detection errors occurred in SMTP traffic, the error message was returned to Symantec
Data Loss Prevention, but the SMTP message was passed downstream.
3796948
Network Prevent for Web HTTP Response monitoring could not correctly identify file names for
IBM (Lotus) Notes documents. Contact Symantec Technical Support for more details about fixing
this issue for your specific IBM/Lotus Notes installation.
24
Chapter
Known issues
This chapter includes the following topics:
Known issues
Known product issues
Issue ID
Description
Workaround
3954883
4015406
Table 3-2
Issue ID
Description
Workaround
3948621
Table 3-3
Issue ID
Description
Workaround
3973181
Symantec Data Loss Prevention services fail to load on Red To work around this issue, see the solution
Hat Enterprise Linux 7.2 systems. This issue is related to
here:
https://bugzilla.redhat.com/show_bug.cgi?id=1285492.
https://access.redhat.com/solutions/2067013.
4009835
4010911
None.
26
Known issues
Known issues in 14.6
Table 3-3
Issue ID
Description
Workaround
4012310
4013348
When the data retention response is used, there is still a link None.
to view the original message in the incident details. The link
is empty.
4014481
The output text for contextual rules does not contain the
None.
expected policy details that you see in the output for keyword
rules.
4015011
4015011
4015404
4016237
4016276
4016280
None.
4016493
None.
4016495
None.
4016585
None.
None.
27
Known issues
Known issues in 14.6
Table 3-3
Issue ID
Description
4017473
Table 3-4
Workaround
Issue ID
Description
Workaround
4011098
4011142
and
4011113
Adobe Reader is whitelisted on the Application Monitoring Contact Symantec support for additional
screen. The application is whitelisted to prevent it from
details.
crashing when users attempt to save sensitive files to
removable storage devices or network shares.
4010574
4011997
4012000
None.
28
Known issues
Known issues in 14.6
Table 3-5
Issue ID
Description
Workaround
3984581
None.
4001300
4015875
4015979,
4003050,
4012169
29
Known issues
SharePoint known issues in 14.5 Maintenance Pack 1
Issue ID Description
Workaround
3980999, After sensitive documents from team discussion are uploaded None.
3989738 and scanned, the SharePoint 2016 quarantine is successful
and the marker file is created and the extension is replaced by
txt. However, the link is not updated to point to the marker file,
so the user sees a blank file.
3989811
SharePoint 2010 does not work properly with the plug-in for
Use the following combination for
quarantine and quarantine release with the Maintenance Pack SharePoint 2010 and Maintenance Pack
1 solution.
1:
3989735
None.
3989736
None.
Issue ID Description
Workaround
1799071 If multiple recipients are specified in the Recipient Pattern field When creating the Recipient Pattern rule,
and the MatchCounting option is greater than 1, incidents are
set MatchCounting to At least 1
not created even if two or more recipients match the pattern.
recipient must match.
Incidents are not created either on the detection server or stored
in the DLP Agent.
1826457 DGM policies based on EDM profiles do not detect email
addresses formatted in Lotus Notes hierarchical format.
None.
30
Known issues
Detection known issues
Table 3-7
Issue ID Description
Workaround
2131156 You cannot detect custom file types on the endpoint if you
combine a Custom File Type Signature condition with an EDM
condition in the same policy rule.
2191684 Keyword Proximity matches are counted per matched pair on a Do not use match thresholds with
detection server. However, they are counted per word on an
Keyword Proximity conditions.
endpoint computer. Policies set to create incidents above a match
threshold can produce inconsistent results between the products.
2203882 When configuring a detection condition for Classification to match None.
on only the body of an email message, Classification policies
match on the body of the email as well as the body of all emails
attached to it even if they are email attachments of email
attachments. Any attachment that is not an email itself, will not
match.
Additionally, when configuring a detection condition for
Classification to match on only attachments, Classification policies
match on all attachments with the exception of the body of emails
attached; all other attachment types will match even if they are
part of attached emails.
2629339 When using Titus to classify documents in combination with
None.
Symantec Data Loss Prevention metadata detection, certain tags
added by Titus cannot be detected. The data is stored by Titus
in the XMP metadata for PDF files which is not extracted by
Symantec Data Loss Prevention.
3521579 If a policy exception is configured for deployment to the endpoint None.
and the exception requires two-tier detection, duplicate incidents
are generated.
31
Known issues
Discover known issues
Table 3-7
Issue ID Description
Workaround
None.
3870350 Symantec Data Loss Prevention cannot open TIFF files with a
mix of color, grayscale, and binary images.
None.
3895984 The Image Extractor plug-in used for Form Recognition supports None.
PDF version 1.2 and later. Earlier versions of the PDF file format
are not supported.
3948274 Form Recognition policies create duplicate matches for the first None.
image in a multi-page TIFF file.
3949451 Symantec Data Loss Prevention displays an error for data
identifiers with patterns separated by line breaks. Line breaks
are not supported in data identifier patterns.
32
Known issues
Discover known issues
Table 3-8
Issue ID Description
Workaround
1974658
None.
2075096
The Discover report filter Does Not Match Exactly is sensitive Use the exact path separator as
to path separators. Using / when the path separator in the
specified in the content root used to scan
incident contains \ or vice versa does not produce the expected the share.
result.
2122460
2132915
Starting a scan on a new Discover Server can result in files being Wait a few moments before starting the
re-scanned. This is likely due to the time it takes to propagate second scan. Give the index time to
the incremental index. If the scan starts before the server has update.
received all of the index updates, then some files can be
re-scanned.
2138956
2150273
2233064
2240919
A Server FlexResponse plug-in running in multiple threads may Limit the number of simultaneous plug-in
leave incidents in the Requested protect state.
threads. Set the default number in the
maximum-thread-count property in the
plug-in properties file to 1.
33
Known issues
Discover known issues
Table 3-8
Issue ID Description
Workaround
2483068
The "Ignore smaller than" filter may not work for certain smaller None.
files on Microsoft Exchange 2010 targets. Because Exchange
email files are scanned by Network Discover in both plain text
and HTML format, the file size represented in the target list page
is larger than the actual file in Exchange.
2497863
The Open In Browser link does not work for archived mailbox
items.
None.
2511738
None.
2529816, Some items on broadcast sites created with Microsoft Web Apps None.
2531206 on SharePoint 2010 and 2013 servers are not scanned. Only
the following items on broadcast sites are scanned:
Announcements, Calendar items, Tasks, and Shared Documents.
2583801
Parallel scans of IBM (Lotus) Notes targets in DIIOP mode return None.
fewer scanned bytes for a given target than a single scan does.
2703756, The Scan History page always displays the incident count of
2737410, Endpoint Discover scan targets as N/A.
2738374
In the
VontuFileSystemScanner.cfg file,
add a wildcard value to the
DirectoryFileMatch property:
DirectoryFileMatch=*
2941562
If you stop a Content Root Enumeration scan, the elapsed time Allow the scan to run to completion, and
displays as zero.
the elapsed time will display correctly.
2980582
None.
3035527
None.
3050222
34
Known issues
Discover known issues
Table 3-8
35
Issue ID Description
Workaround
3082527
3182501
3206907
None.
3281853
3433408
In the IncidentPersister.properties
file, add this line:
java.security.krb5.conf=path
where path is the path to the
krb5.conf file, such as
SymantecDLP/Protec/config/.
Known issues
Discover known issues
Table 3-8
Issue ID Description
3448145
Workaround
3660676
None.
3689938
None.
3717396
You cannot create Veritas Data Insight resources for folders or None.
files that have generated Network Discover/Cloud Storage
Discover incidents where the IncidentID value is greater than
Integer.MaxValue().
36
Known issues
Discover known issues
Table 3-8
Issue ID Description
Workaround
3768304
Click Save.
37
Known issues
Discover known issues
Table 3-8
Issue ID Description
3917476
Workaround
38
Known issues
Discover known issues
Table 3-8
Issue ID Description
39
Known issues
Documentation known issues
Table 3-8
Issue ID Description
Workaround
Explorer. The certificate should
display as trusted.
Issue ID Description
Workaround
3963070 The Symantec Data Loss Prevention Administration Guide and None.
online Help incorrectly state that a Network Protect license is
required for the Cloud Storage: Add Visual Tag and Cloud
Storage: Quarantine response rules. These response rules are
available without Network Protect.
Issue ID Description
Workaround
2076523 The Collect Agent Logs task keeps running if agent logs are not
present on the Endpoint Server. If no agent logs are available
on the Endpoint Server, the Collect Agent Logs task continues
to run and cannot stop.
40
Known issues
Endpoint known issues
Table 3-10
Issue ID Description
Workaround
2131164 There is a possibility that some application will retry to attach file None.
blocked by application monitoring. In such circumstances,
endpoint computer users will see multiple pop-ups and multiple
incidents will be reported.
3675162 If users attempt to overwrite an Excel file on a removable storage None.
device with an Excel file that contains sensitive information, the
save operation is blocked and the original file is deleted. This
issue is observed with the DLP Agent for Mac.
3691082 Uploading PDF files larger than 2 MB from an endpoint computer To avoid file upload performance issues
takes several seconds due to the DLP Agent detection process. for large PDF files, apply File Type or File
Size filters in your endpoint scan
configuration.
3697999 The DLP Agent cannot detect sensitive information in the header Deselect Match Conditions: On whole
or footer of files created by Microsoft Office Excel for Mac 2011. words only.
3765823 When an endpoint user attempts to save sensitive information
to OneDrive from a Microsoft Office 2013 application, multiple
block pop-ups may display.
3765797 The DLP Agent does not prevent sensitive information from being Prevent users from logging their
saved from Microsoft Office 2013 applications to OneDrive.
Microsoft Office 2013 applications into
OneDrive from the endpoint. Refer to the
article "Configure user sign-in for Office
2013" for steps. You can view this article
at the following URL:
https://technet.microsoft.com/
en-in/library/jj715259.aspx
3849212 When there is sensitive data on the Clipboard, Symantec Data Whitelist the Windows 10 Mail app for
Loss Prevention creates a Clipboard paste incident when users Clipboard paste monitoring.
open the Windows 10 Mail app before any data is pasted.
41
Known issues
Endpoint known issues
Table 3-10
Issue ID Description
Workaround
42
Known issues
Network known issues
Table 3-10
Issue ID Description
Workaround
3936223 If the Limit Incident Data Retention response rule is used with
None.
Application File Access, incidents are generated, but files are not
available in the Application File Access incident snapshot. The
file displays under the Files section, but it is not clickable or
downloadable.
3799427 Symantec Data Loss Prevention does not create incidents for
None.
sensitive files sent as attachments or uploaded to cloud storage
websites as attachments. This is because attachments are
uploaded as multi-part content.
Archive files such as ZIP files containing files that violate a policy None.
will appear in the incident snapshot. The files within the archive
may appear with garbled names if the names use non-ASCII
characters.
43
Known issues
Detection internationalization and localization known issues
Table 3-12
Issue ID Description
Workaround
1476390
1791134, Detection for PDF files containing Arabic or Hebrew text fails to None.
1866769 detect violations.
1791138
Print monitor fails to detect sensitive Arabic data on the Endpoint None.
when printing from applications such as Notepad, Word, and
PDF files.
1866765
None.
1866867, Sensitive data in Hebrew email body text and attachments that None.
1866873 are encoded as ISO-8859-8-I is not detected. Attachments to
ISO-8859-8-I emails are also not correctly detected even if the
attachment name and content is in standard ASCII format. These
issues are not observed for ISO-8859-8 emails.
1430029, In some cases, when viewing the incident snapshot for an
1479328 attachment with a non-ASCII file name, the file name may be
garbled in the UI. (This issue is fixed for Japanese languages.
See the Fixed Issue section.)
None.
1466323, Symantec Data Loss Prevention supports the encoding standards None.
1470209, defined and supported in Java 7. Due to interpretation differences
1470206 between various vendors the same encoding (for example,
GB2312) will be supported only to the extent of Java 7 support.
For a list of supported Java 7 encodings please refer to:
http://java.sun.com/javase/7/docs/technotes/guides/intl/encoding.doc.html.
44
Known issues
Detection internationalization and localization known issues
Table 3-12
Issue ID Description
1519857,
1463737,
1463747,
1524289,
1791119,
1866773
Workaround
1654792
1708526,
1709649,
1860340,
1503970
1729175
None.
Case-insensitive keyword detection matches incorrectly with the Create separate case sensitive policies.
Turkish I on the server because there are four different versions
of I in the Turkish language. The special conversion is not
covered in the detection engine.
45
Known issues
Detection internationalization and localization known issues
Table 3-12
Issue ID Description
Workaround
1894279
None.
2075491
2268405
When ANSI text files are used for VML, non-ASCII characters
are ignored when extracting keywords to the features file after
training profile.
2305411
None.
2371246
None.
3105214
3114433
None.
46
Known issues
Discover internationalization and localization known issues
Issue ID Description
Workaround
3306490 Endpoint Discover does not detect incidents in text files on Mac None.
OS endpoints encoded in Arabic, Chinese Simplified, Chinese
Traditional, Japanese, Korean, Shift-JIS, and Thai.
47
Known issues
Enforce Server internationalization and localization known issues
2167210 Detection monitors fail to start if the target device name contains Use the following procedure:
non-ASCII characters.
1. Open your registry editor and edit:
HKLM/System/CurrentControlSet/
Control/Class/{4D36E972-E32511CE-BFC1-08002BE10318}/0007/
2. Change the DriverDesc value so
that it contains only ASCII characters.
3. Restart the detection monitor.
3506729 Symantec Data Loss Prevention does not work when it is installed Install Symantec Data Loss Prevention
on a computer with a Turkish locale.
on a computer in any locale other than
Turkish, then change to the Turkish
locale after installation.
For example, install Symantec Data Loss
Prevention on a computer in the French
locale, then change it to Turkish after
Symantec Data Loss Prevention is
successfully installed.
Issue ID Description
1805050 Services fail to start when run by system users with their locale Switch the Windows regional settings to
set to Turkish.
English (USA) before installing Symantec
Data Loss Prevention. Setting the Default
User profile to the US locale results in
Symantec Data Loss Prevention system
user profiles being created with these
settings.
48
Known issues
Network internationalization and localization known issues
Table 3-16
Issue ID Description
Workaround
1819443 Creating an Oracle database on a Turkish operating system gives Workaround: Deploy the Oracle database
a TNS Protocol Adapter error.
to a non-Turkish operating system.
Issue ID Description
Workaround
None.
2582425 Non-ASCII data in the body and subject of an email may not get None.
inspected when sent to Gmail through the iPad Safari web
browser. Mobile Prevent cannot detect the encoding mechanism
that is used by Safari.
2597883 When transmitting data from an iPad, Mobile Prevent fails to
None.
detect data stored in text files encoded with x-mac-cyrillic.
2920361 Mobile Prevent does not display a localized version of attachment None.
names.
3040853 Mail sent from Exchange Server 2010 mail accounts that contain None.
French keyword violations appear corrupted on the incident page.
49