Symantec DLP 14.6 Release Notes

Symantec Data Loss
Prevention Release Notes

Version 14.6
Last updated: 06 December 2016
Symantec Data Loss Prevention Release Notes

Documentation version: 14.6
Last updated: 06 December 2016
Legal Notice
Copyright 2016 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo and the Checkmark Logo are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other
names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED
CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL
NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION
WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE
INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE
WITHOUT NOTICE.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Contents
Chapter 1
Introduction
........................................................................... 5
About these Release Notes ..............................................................

What's new and what's changed in Symantec Data Loss Prevention
14.6 ......................................................................................
Installing patches for Windows Server 2012 R2 ....................................
Installing Symantec Data Loss Prevention 14.6 ....................................
Upgrading Symantec Data Loss Prevention 14.6 ..................................
Finding information about Symantec Data Loss Prevention Cloud
Prevent for Microsoft Office 365 ..................................................
Service for Email ......................................................................
Service for Discovery ................................................................
Finding information about the Symantec Data Loss Prevention Cloud
Service Connector ....................................................................
About accessing the Symantec Support Center ....................................
Chapter 2
5
6
6
6
7
7
7
7
8
8
Fixed issues ............................................................................ 9

Fixed issues in 14.6 ........................................................................ 9
Installation and upgrade issues fixed in 14.6 .................................. 9
Endpoint issues fixed in 14.6 .................................................... 10
Fixed issues in 14.5 Maintenance Pack 1 .......................................... 10
Detection issues fixed in 14.5 Maintenance Pack 1 ........................ 10
Discover issues fixed in 14.5 Maintenance Pack 1 ......................... 10
Endpoint issues fixed in 14.5 Maintenance Pack 1 ........................ 12
Endpoint localization and internationalization issues fixed in 14.5
Maintenance Pack 1 ......................................................... 13
Enforce Server issues fixed in 14.5 Maintenance Pack 1 ................ 13
Fixed issues in 14.5 ...................................................................... 14
Detection issues fixed in 14.5 .................................................... 14
Discover issues fixed in 14.5 ..................................................... 14
Endpoint issues fixed in 14.5 .................................................... 15
Endpoint localization and internationalization issues fixed in
14.5 ............................................................................... 15
Enforce Server issues fixed in 14.5 ............................................ 15
Contents
Installer and Upgrader issues fixed in 14.5 ...................................

Fixed issues in 14.0.2 ....................................................................
Detection issues fixed in 14.0.2 .................................................
Detection internationalization and localization issues fixed in
14.0.2 ............................................................................
Discover issues fixed in 14.0.2 ..................................................
Endpoint issues fixed in 14.0.2 ..................................................
Endpoint internationalization and localization issues fixed in
14.0.2 ............................................................................
Enforce Server issues fixed in 14.0.2 ..........................................
Fixed issues in 14.0.1 ....................................................................
Detection issues fixed in 14.0.1 .................................................
Discover issues fixed in 14.0.1 ..................................................
Documentation issues fixed in 14.0.1 ..........................................
Endpoint issues fixed in 14.0.1 ..................................................
Installer and Upgrader issues fixed in 14.0.1 ................................
Network issues fixed in 14.0.1 ...................................................
Chapter 3
16
16
17
17
17
18
20
20
21
21
22
22
23
23
24
Known issues ....................................................................... 25

Known product issues ...................................................................
Known issues in 14.6 ....................................................................
SharePoint known issues in 14.5 Maintenance Pack 1 .........................
Detection known issues .................................................................
Discover known issues ..................................................................
Documentation known issues .........................................................
Endpoint known issues ..................................................................
Network known issues ...................................................................
Known internationalization and localization issues ...............................
Detection internationalization and localization known issues ..................
Discover internationalization and localization known issues ...................
Endpoint internationalization and localization known issues ..................
Enforce Server internationalization and localization known issues ..........
Installer and Upgrader internationalization and localization known
issues ..................................................................................
Network internationalization and localization known issues ...................
Mobile Prevent internationalization and localization known issues ..........
26
26
30
30
32
40
40
43
43
43
47
47
48
48
49
49
Chapter
Introduction
This chapter includes the following topics:
About these Release Notes
What's new and what's changed in Symantec Data Loss Prevention 14.6
Installing patches for Windows Server 2012 R2
Installing Symantec Data Loss Prevention 14.6
Upgrading Symantec Data Loss Prevention 14.6
Finding information about Symantec Data Loss Prevention Cloud Prevent for
Microsoft Office 365
Finding information about Symantec Data Loss Prevention Cloud Service for
Email
Finding information about Symantec Data Loss Prevention Cloud Service for
Discovery
Finding information about the Symantec Data Loss Prevention Cloud Service
Connector
About accessing the Symantec Support Center
About these Release Notes

These release notes include late-breaking information and are updated periodically.
You can find the most current version of the release notes here:
http://www.symantec.com/docs/DOC9255
Introduction
What's new and what's changed in Symantec Data Loss Prevention 14.6
What's new and what's changed in Symantec Data

Loss Prevention 14.6
For information on new and changed features, see What's New and What's changed
in Symantec Data Loss Prevention version 14.6 at the Symantec Support Center
at
Installing patches for Windows Server 2012 R2

If you use Windows Server 2012 R2, you must install two Microsoft patches,
KB2919355 and KB2919442.
To find out if patch KB2919355 is installed:

1.
Go to Windows System and Security.
2.
Click View install updates in the Windows upgrade section.
3.
Confirm that patch 2919355 is installed.
If the patch is not installed, complete the following steps:

1.
Go to
https://support.microsoft.com/en-us/kb/2919355
and install KB2919355.
2.
Go to
https://support.microsoft.com/en-us/kb/2919442
and install KB2919442.
Installing Symantec Data Loss Prevention 14.6

Before installing Symantec Data Loss Prevention, refer to the Symantec Data Loss
Prevention System Requirements and Compatibility Guide for information about
system requirements. This guide is available online here:
When you are ready to install Symantec Data Loss Prevention, refer to the Symantec
Data Loss Prevention Installation Guide. This guide is available online here:
Introduction

When you upgrade Symantec Data Loss Prevention from a previous release, see
the Symantec Data Loss Prevention Upgrade Guide. This guide is available online
here:
Finding information about Symantec Data Loss

Prevention Cloud Prevent for Microsoft Office 365
Symantec Data Loss Prevention Cloud Prevent for Microsoft Office 365 accurately
detects confidential data in corporate email that is sent from Microsoft Office 365
Exchange.
If you are implementing Symantec Data Loss Prevention Cloud Prevent for Microsoft
Office 365, see the Symantec Data Loss Prevention Cloud Prevent for Microsoft
Office 365 Implementation Guide. This guide is available here:

Prevention Cloud Service for Email
Symantec Data Loss Prevention Cloud Service for Email is a cloud service that
accurately detects confidential data in cloud and corporate email that is sent from
Microsoft Office 365 Exchange, Gmail for Work, and on-premises Microsoft
Exchange.
If you are implementing Symantec Data Loss Prevention Cloud Service for Email,
see the Symantec Data Loss Prevention Cloud Service for Email Implementation
guide. This guide is available here:

Prevention Cloud Service for Discovery
Symantec Data Loss Prevention Cloud Service for Discovery is a cloud service that
accurately detects confidential data in cloud storage applications such as Box,
Dropbox Business, and OneDrive for Business.
Introduction
Finding information about the Symantec Data Loss Prevention Cloud Service Connector
If you are implementing Symantec Data Loss Prevention Cloud Service for
Discovery, see the Symantec Data Loss Prevention Getting Started with the
Symantec Data Loss Prevention Cloud Service for Discovery guide. This guide is
available here:
Finding information about the Symantec Data Loss

Prevention Cloud Service Connector
Symantec Data Loss Prevention Cloud Service Connector is a cloud service that
enables you to build connectors to use custom detectors in the Symantec cloud.
If you are implementing a Symantec Data Loss Prevention Cloud Service Connector,
see the Symantec Data Loss Prevention Getting Started with the Symantec Data
Loss PreventionCloud Service Connector guide, This guide is available here:
If you are using the REST API to develop a connector, see the Symantec Data Loss
Prevention REST API Developers guide. This guide is available here:
About accessing the Symantec Support Center

All Symantec Data Loss Prevention product documentation can be found at the
Symantec Support Center at
In addition to your product documentation, the Symantec Support Center is a
valuable resource for information. The Support Center provides solutions to common
problems, troubleshooting tips, and other useful information. In addition, product
announcements, updated release notes and guides, and product bulletins are
published at the Support Center.
Chapter
Fixed issues
Fixed issues in 14.6
Fixed issues in 14.5 Maintenance Pack 1
Fixed issues in 14.0.2

This section lists fixed issues in 14.6. Unless otherwise noted, all issues are fixed
on the server side.
Installation and upgrade issues fixed in 14.6

Table 2-1
Installation and upgrade issues fixed in 14.6
Issue ID
Description
3951942
Some Data Loss Prevention Oracle TYPE objects are recreated as BYTE instead of CHAR storage
for their char and varchar components during upgrade. This leads to the SQLException: inserted
value too large for column.
4013746
The database is unable to connect and the system crashes.
Fixed issues
Endpoint issues fixed in 14.6

Table 2-2
Issue ID
Description
4010392
Duplicate entries for agents upgraded from versions pre-12.5 to 12.5 or later.
4005713
After you create a Scan Detail with a WalkID greater than 999, when you open the Scan Detail
report from the Scan History pane, an exception is generated.

This section lists fixed issues in 14.5 Maintenance Pack 1. Unless otherwise noted,
all issues are fixed on the server side.
Detection issues fixed in 14.5 Maintenance Pack 1

Table 2-3
Detection issues fixed in 14.5 Maintenance Pack 1
Issue ID Description
3947630 (Server Detection) The Form Recognition profile state shows "Indexing Found some Unusable files" while
the usable forms count is correct.
3950720 (Server Detection) The CUSIP DI rule doesn't detect CINS, PUT, CALL and numbers with spaces.
3961271 (Server Detection) Incidents for some PDF files are not generated for the File Type policy.
3965750 (Endpoint Detection) The Endpoint agent can detect some, but not all, password-protected file types inside
a zip file.
3973120 (Server Detection) For Form Recognition, a match is not detected for all images in a multi-page tiff.
3975347 (Server Detection) Unable to index Form Recognition profile.
3975466 (Server Detection) Need new validator for NIB numbers for upgrader file.
Discover issues fixed in 14.5 Maintenance Pack 1

Table 2-4
Discover issues fixed in 14.5 Maintenance Pack 1
3936171
(On-premises Discover) SharePoint FlexResponse Plugin does not quarantine files on SharePoint 2010.
10
Fixed issues
Table 2-4
Discover issues fixed in 14.5 Maintenance Pack 1 (continued)
3946944
(Cloud Discover) The Exclude Users/User Paths filter for Cloud Storage Discover targets is case sensitive.
User and user lists must be entered in lowercase characters only.
3950998
(Cloud_Discover) There is a discrepancy in number of processed users in Scan statistics.
3958481, (Cloud_Discover) Scheduled scan does not work and gives a "no authorization is defined" message.
3974757
3965509
(On-premises Discover) Collaborator remains between the scanning user and quarantine user when the
quarantine user storage limit is exceeded or there is no permission to upload the file to the quarantine
user.
3965516
(On-premises Discover Box) User exclude path causes the collaborated folder to be skipped during
scanning.
3965521
(On-premises Discover) The User/folder exclusion is case sensitive and must be in lowercase to work.
3966475
(On-premises Discover Box) Duplicate entries of ALI Files are shown in the ownerBasedFilePath
field of the metadata file.
3966478
(On-premises Discover) An error appears when a visual tag action is deleted from response rule.
3966480
(On-premises Discover Box) If a Box user has the same display name as another Box user, Data Loss
Prevention scans only one user out of the same-name users.
3966678
SharePoint scans only run for a short time after upgrade to 14.0.2.
3969788
(Cloud Discover) Incremental and deduplication filters should fail an item and not the crawl if the item key
or item set key is unobtainable.
3969789
(Cloud Discover) Scan in queued state should not be editable.
3969940
(Cloud Discover Box) When you click Queued or Scanning in the Scan Status column to view the scan
history for a specific target, you see an error message instead of the different walks for the specified target.
3970141
(On-premises Discover) SharePoint scans terminate on receiving a SOAP fault exception instead of
skipping that item and continuing with the rest of the items.
3971364
(Cloud Discover) Ths exclude user/userpath filter for OneDrive target is not enabled by default. Users
must add a property to manager.properties to enable the exclude user/ userpath filter.
3974517
(Cloud Discover) Running a scan after a monitor controller restart results in an authorization issue. Entries
are deleted from the scan container on Monitor Controller restart.
3975111
(Cloud Discover) Box visual tag addition fails when the log is enabled at FINEST level.
3975112
(Cloud Discover) Box visual tag addition fails when the tag contains special characters.
11
Fixed issues
Table 2-4
Discover issues fixed in 14.5 Maintenance Pack 1 (continued)
3975113
(Cloud Discover) Processed count shows as completed for the scanning user when Scan is in a Paused
state.
3975116
(Cloud Discover) Box file downloading error message contains placeholders such as 0 or 1.
3976188, (Cloud Discover) Item ID, Location, and File Owner information is missing from the Access Information
3980863 CSV file.
Endpoint issues fixed in 14.5 Maintenance Pack 1

Table 2-5
Endpoint issues fixed in 14.5 Maintenance Pack 1
3920309
(Endpoint General) Sensitive file gets uploaded to Google Drive site.
3923265, (Endpoint General) Failure to monitor WebSocket protocol in browsers on the Endpoint Agent.
3964478
3953100
(Endpoint General) An Agent event with an extended value greater than 4Kthat is received by Monitor
Controller with incorrect transient SQL exception handling results in an endless MonitorController loop
and agent data persistence outage.
3954340
(Endpoint Detection) Exclude prefix does not work for the Endpoint Agent.
3962271
(Endpoint General) VFSMFD and other drivers are not protected against tampering through the registry.
3962282
(Endpoint General) File restoration does not work on a DFS share.
3962284
(Endpoint General) Symantec Data Loss Prevention fails to detect file upload to Google Drive by Gmail
with Internet Explorer 11 and Firefox 46.
3962285
(Endpoint General) Symantec Data Loss Prevention cannot detect the photos that are uploaded to
photos.google.com.
3962290
(Endpoint General) Agent crashes when Microsoft System Center 2012 R2 is launched.
3970310
(Endpoint General) Sensitive content posted on media.daum.net it is not monitored on Symantec Data
Loss Prevention versions 12.5.2, 14.0.1, and 14.5 when using Internet Explorer and Firefox.
3970731
(Endpoint General) Support for Firefox 64-bit.
3970993
(Endpoint Detection) The file name in ZIP is reported as DefaultFileName if the file name is not encoded
by UTF-8.
3972200
(Endpoint General) The Endpoint agents get an Application error in brkrprcs64.exe after each reboot.
12
Fixed issues
Table 2-5
Endpoint issues fixed in 14.5 Maintenance Pack 1 (continued)
3972225
(Endpoint General) The UI_CONSECUTIVE_TIMEOUT setting does not work for values lower than 10
seconds.
3973289
(Endpoint General) With Outlook 2016 a restart is necessary when the agent is upgraded to the latest
version.
3980698
(Endpoint General) SharePoint FlexResponse Plugin does not quarantine files on Sharepoint 2010 because
of a java.net.NetPermission issue with SharePoint connector quarantine.
3980699
(Endpoint General) Chrome crash after copy with Symantec Data Loss Prevention endpoint agent installed.
3984489
(Endpoint General) OneDrive data and SharePoint data are not detected with the latest new user interface
for a Microsoft for Business account.
3984575
(Endpoint General) SharePoint 2016 quarantine fails but does not reflect the failure state on the incident
report.
3986665
(Endpoint General) When you use Firefox and Internet Explorer HTTPS monitoring, the attached and
uploaded sensitive files on OneDrive from Outlook.com are not monitored.
3995791
(Endpoint General) Mac OS X crashes when Symantec Data Loss Prevention tries to access the
Chinese/Japanese/Korean network share path with the long form of the along path.

Maintenance Pack 1
Table 2-6

Maintenance Pack 1
3984451 Endpoint response message box returns Thai language at Allow and Cancel options.
3988150 Firefox and Chrome crash when the end-user attempts to copy text or a website URL for some websites
in Turkish.
Enforce Server issues fixed in 14.5 Maintenance Pack 1

Table 2-7
Enforce Server issues fixed in 14.5 Maintenance Pack 1
3961101 (Enforce) Data Insight login functionality is broken for passwords having special characters.
13
Fixed issues
Table 2-7
Enforce Server issues fixed in 14.5 Maintenance Pack 1 (continued)
3966769 (Enforce) There is a performance issue with the Pending attributes lookup SQL query where the Enforce
UI hangs or there is a delay in Manager startup.
3982978 Not able to quarantine files with double byte character set file name with SharePoint Quarantine
FlexResponse plug-in.
3987642 (Enforce) Quarantine FlexResponse filesystem is not resetting the last access date.
3988383 (Policy Content) Need to modify Credit Card Number DI to support new MasterCard BIN range.

This section lists fixed issues in version 14.5. Unless otherwise noted, all issues
are fixed on the server side.
Detection issues fixed in 14.5

Table 2-8
Detection issues fixed in 14.5
3753839 The FileReader failed to start when the EventLog Startup event (code 6005) was missing from the Windows
System Event queue.
Discover issues fixed in 14.5

Table 2-9
Discover issues fixed in 14.5
2559510 Network Discover did not scan mailbox archives when using an alias for the mailbox name.
3701715 Editing Directory connections that had been indexed was very slow on upgraded systems.
3723941 Symantec Data Loss Prevention truncated content root paths that included the "&" character.
3909265 Cloud Storage Discover did not clean up temporary KV**** files from the temp directory.
14
Fixed issues

Table 2-10
2128427 The Print/Fax incident detail page displayed "unknown" as the printer name for incidents in Microsoft Word
files.
3717453 The Symantec Data Loss Prevention Agent loaded post-processor commands incorrectly, reversing the
order of commands and conditions with numeric values, such as the Severity condition. This is an agent-side
fix.
3805717 EDM detection failed for documents in the body or attachment of Microsoft Outlook emails. This is an
agent-side fix.
3807139 Policy exceptions did not work for URLs or Groups.
3857040 Symantec Data Loss Prevention did not detect sensitive keywords in the Notes section of master slides in
Microsoft PowerPoint. This is an agent-side fix.
3930738 Printing PDF files from the web using Microsoft Internet Explorer took longer than expected.

Table 2-11
3695349 In some localized versions of Symantec Data Loss Prevention, selecting "bytes" as a file attribute caused
an unexpected error.
Enforce Server issues fixed in 14.5

Table 2-12
Enforce Server issues fixed in 14.5
3703898 Incident components were encrypted with an unknown key and could not be decrypted by the Enforce
Server.
3719685 The Monitor Controller occasionally failed to send data to detection servers because of outdated or missing
locator objects (LOBs).
3767165 The total incident count in the incident summary exceeded the Java Integer.MAX_VALUE, and appeared
as negative value in the Enforce Server administrative console.
15
Fixed issues
Table 2-12
Enforce Server issues fixed in 14.5 (continued)
3771585 Filtering incidents by the "Incident Notes" field did not work correctly.
3869321 The AdminPasswordReset tool did not work correctly on upgraded systems.
3884745 Symantec Data Loss Prevention users were unable to renew their passwords when accessing the Enforce
Server administrative console on Microsoft Internet Explorer 11.
3885164 Symantec Data Loss Prevention frequently displayed the system alert Agent data batch persist
error - code 4050 - Null Pointer Exception in Monitor Controller.
3891897 Symantec Data Loss Prevention failed to synchronize with Active Directory, returned a Null Pointer exception.
3895006 The System > Login Management > Roles > Users page displayed user names in random order.
3931600 Symantec Data Loss Prevention occasionally encountered invalid character errors due to an issue in
ojdbc6.jar.
3936251 Symantec Data Loss Prevention occasionally encountered unexpected errors due to a change in the SSN
data identifier.
Installer and Upgrader issues fixed in 14.5

Table 2-13
Installer and Upgrader issues fixed in 14.5
3892499 The upgrade process failed at the migration stage with the error ORA-06502: PL/SQL: numeric or
value error: number precision too large.

This section lists fixed issues in version 14.0.2. Unless otherwise noted, all issues
16
Fixed issues
Detection issues fixed in 14.0.2

Table 2-14
Issue ID
Description
3905447
IDM detection failed on the detection server if the ContentExtraction.EnableMetadata advanced

setting was set to on. It also failed on the endpoint agent if the Detection.Enable_Metadata.str
advanced agent setting was set to on.
3910388
The Custom Script Validator was unstable when parsing scripts that included "if" statements.
Symantec Data Loss Prevention includes a new version of the Custom Script Validator. To enable
this new version, add the following line to the
SymantecDLP/Protect/config/protect.properties file on the Enforce Server and each
detection server:
customscriptengine.validator.version = 3.0
3915894
Symantec Data Loss Prevention did not extract and detect content encoded in UTF-8 properly.
Detection internationalization and localization issues fixed in 14.0.2

Table 2-15
Detection internationalization and localization issues fixed in 14.0.2
Issue ID
Description
3903579
Symantec Data Loss Prevention did not properly detect Korean characters.
Discover issues fixed in 14.0.2

Table 2-16
Issue ID
Description
3849050, 3901029 The Save button was disabled after adding a new content root to a Discover target.
3898060
Discover scans of Microsoft SharePoint 2010 targets failed if any list item contained an invalid
character in its description.
3901031
A paused Discover scan will not restart after being moved to another Discover server.
3901033
Symantec has increased the default value for the FileReader.MaxFileSystemCrawlerMemory

parameter to 1024 MB.
3901034
Symantec has improved the Scan Details logs to support better automatic parsing.
17
Fixed issues
Table 2-16
Discover issues fixed in 14.0.2 (continued)
Issue ID
Description
3906215
Microsoft SharePoint 2010 scans failed with an unknown error.
3908853
Box scans fail completely if a Box API error occurs while fetching the child objects from a folder.
3908857
Cloud Storage Discover fetched Collaborator information from Box unnecessarily.
3908859
Cloud Storage Discover returned an inaccurate user count for Box user groups.
3908860
Symantec Data Loss Prevention did not display an accurate error message when you entered
an invalid scan schedule.
3908863
For Box scans, Symantec Data Loss Prevention displayed the label "Box" in the Processed
Fields column of the Scan Details page, rather than the correct label "Users."
3921903
After deleting content roots from a Discover scan target, you could not add new content roots
directly.
Endpoint issues fixed in 14.0.2

Table 2-17
Issue ID
Description
3886958
After upgrading the DLP Agent on Mac, response rules failed for policies that included more than
a single response rule.
3894844, 3897692 The DLP Agent on Windows did not monitor files uploaded to Google Drive due to a file permission
error.
3897595
Installing the DLP Agent on Mac occasionally caused kernel panics and reboot loops. This is an
agent-side fix.
3897596
The DLP Agent did not throttle network communication as specified in the Enforce Server
administration console.
3897597
The DLP Agent caused a fatal system error on the endpoint computer when viewing the file
properties of files on Andrew File System (AFS) drives. This is an agent-side fix.
3897607
The DLP Agent caused endpoint computer applications to quit unexpectedly when users copied
data from those applications and Clipboard Monitoring was enabled. This is an agent-side fix.
3897691
Network filtering in Agent Configuration was not working as expected on Firefox.
3897696
The DLP Agent did not detect all sensitive content when uploading multiple files to 2shared.com.
This is an agent-side fix.
18
Fixed issues
Table 2-17
Endpoint issues fixed in 14.0.2 (continued)
Issue ID
Description
3897699
The DLP Agent quit unexpectedly when monitoring files with file names exceeding 260 characters.
3897703
The AttributeQueryResolver tool returned an incorrect value for the AgentHostVersion of Microsoft
Windows 10 endpoint computers.
3899115
The URL field in HTTPS incident snapshots displayed the IP address rather than the proper URL.
3901038
The DLP Agent occasionally caused fatal system errors on 32-bit endpoint computers. This is
an agent-side fix.
3901040
Endpoint computer users occasionally encountered an error related to NSS3.dll when starting
Firefox. This is an agent-side fix.
3901041
The DLP Agent encountered occasional problems parsing text in MIME format sent in web emails.
3901042
The DLP Agent caused the endpoint computer to drop its connection to a mapped DFS file share
when users copied files to that mapped share. This is an agent-side fix.
3901043
The Endpoint Copy to Share feature caused "could not lock file" errors when two users accessed
the same Microsoft Access MDB or ACCDB files. This is an agent-side fix.
3904143
The DLP Agent caused fatal system errors on endpoint computers running Symantec Endpoint
Protection and configured to monitor Microsoft Office files with Invincea. This is an agent side
fix.
3909401, 3922454 The DLP Agent prevented virtual machines from starting when installed on Citrix XenApp 7.6
servers. This is an agent-side fix.
3910883
The DLP Agent caused Google Chrome to become unresponsive after a user pasted clipboard
content into Chrome. This is an agent-side fix.
3911614
The DLP Agent caused high CPU usage on endpoint computers when users browsed the web
using Microsoft Internet Explorer with HTTPS monitoring enabled. This is an agent-side fix.
3913682
The DLP Agent occasionally caused explorer.exe to fail to load on Microsoft Windows endpoint
computers. These computers would display only a black screen. This is an agent-side fix.
3915744
The DLP Agent now functions on endpoint computers running in Windows Safe Mode. This is
an agent-side fix.
3922010
The DLP Agent occasionally caused Java overlapping I/O errors when Network Share monitoring
was enabled. This is an agent-side fix.
19
Fixed issues
Table 2-17
Endpoint issues fixed in 14.0.2 (continued)
Issue ID
Description
3923238
Endpoint computers with the DLP Agent and Websense DCEP and Proxy installed became
unresponsive. This is an agent-side fix.
Endpoint internationalization and localization issues fixed in 14.0.2

Table 2-18
Endpoint internationalization and localization issues fixed in 14.0.2
Issue ID
Description
3901037
The User Cancel dialog box had a mistranslation of the word "Allow" in the German locale. This
is an agent-side fix.
Enforce Server issues fixed in 14.0.2

Table 2-19
Enforce Server issues fixed in 14.0.2
Issue ID
Description
3873394
The uniform naming convention (UNC) path could not be resolved for incidents exported to CSV
files.
3892472
Symantec Data Loss Prevention failed to generate the ZIP archive of policy details for policies
with missing or undefined information.
3895012
Symantec Data Loss Prevention did not clean up locator objects (LOBs) from the Oracle database
TEMP tablespace, resulting in a memory leak in that tablespace.
3895014
Symantec Data Loss Prevention garbled some incident data because the SYSTEM cryptographic
key in the Oracle database was overwritten after registering a new Endpoint detection server, or
enabling the Endpoint channel on an existing detection server.
3895016
The MonitorController0.log file displayed multiple null pointer exception error alerts while
processing endpoint agent information.
3897511
DLP users were displayed in a random order on the Users tab of the System > Login
Management > Roles > Configure Role page.
3897616
The Enforce Server failed to automatically connect to the Symantec Cloud Gateway after a DNS
resolution failure.
3900158
User synchronization failed due to a null pointer exception when synchronizing the Active Directory
source.
20
Fixed issues
Table 2-19
Enforce Server issues fixed in 14.0.2 (continued)
Issue ID
Description
3904182
The detection server configuration page was very slow to load in the Enforce Server administration
console.
3916379
Network Monitor and SMTP Prevent did not work when the Enforce Server was connected to
both an on-premises detection server with packet capture and a cloud detector.
3917580
Symantec Data Loss Prevention 14.0.2 includes a more comprehensive solution for the numeric
overflow issue introduced in Symantec Data Loss Prevention 12.x. For more information about
this issue, see these articles at the Symantec support site:
http://www.symantec.com/docs/ALERT1836 and http://www.symantec.com/docs/TECH230477
3917648
Editing a Discover target prevented all other Discover targets in the same policy group from being
concurrently edited. The Enforce Server administration console displayed the error message
"The scan assignment is currently locked by another user."
3919403
Cloud detectors encountered issues when reading policy data provided by the Enforce Server.

This section lists fixed issues in version 14.0.1. Unless otherwise noted, all issues

Table 2-20
3797881 Incident counts were lower for detection servers on Microsoft Windows Server 2008 platforms than for
those on Red Hat Enterprise Linux 5.x platforms.
3790152 "Sender-matches" pattern rules did not work correctly for HTTP incidents.
3804060 Exact-match IDM detection failed for some files.
3805718 EDM detection failed for message bodies and attachments in Microsoft Outlook.
3807155 Directory group and domain exceptions did not work as expected.
21
Fixed issues
Table 2-20
Detection issues fixed in 14.0.1 (continued)
3821980 Group directory indexing occasionally failed due to LDAP OBJECT_NOT_FOUND errors.
Symantec Data Loss Prevention 14.0.1 includes a new Indexer.properties setting to address this issue:
com.vontu.profiles.directoryconnection.maxObjectNotFound.
For information about configuring this setting, and additional information about directory user group indexing,
see this article at the Symantec Knowledge Base: http://www.symantec.com/docs/TECH232712.
3826651 DCM detection on PDF files did not work as expected.

Table 2-21
Issue ID
Description
3789420
After upgrading to Symantec Data Loss Prevention 12.5, editing access to indexed directory
connections was very slow.
3797890
Content root paths entered directly in a Network Discover target were truncated at the "&" symbol.
3801397
In Box Crawler incident reports, the string "Box" was replaced by the number "43."
Documentation issues fixed in 14.0.1

Table 2-22
Issue ID
Documentation issues fixed in 14.0.1
Description
3816059, 3839227 Three new advanced server settings have been introduced in Symantec Data Loss Prevention
14.0.1: CONNECT_DELAY_POST_WAKEUP_OR_POST_VPN_SECONDS,
NetworkMonitor.NETWORK_THREAD_CONCURRENCY_COUNT.int, and
NetworkMonitor.NETWORK_REQUEST_QUEUE_COUNT.int.
For information about these advanced server settings, see the latest version of the Symantec
Data Loss Prevention Administration Guide here: http://www.symantec.com/docs/DOC8734
22
Fixed issues

Table 2-23
Issue ID
Description
3781882
The agent start delay to fetch the user locale was hard-coded to one second. The delay time is
now customizable.
To customize the agent start delay time, follow this procedure:
Navigate to the Agent Configuration page: System > Agents > Agent Configuration.
Select the desired agent configuration to edit.
On the Advanced Agent Settings tab, enter an integer value between 1 and 20 for the
LocalizationManager.LOCALE_RECEIVING_DELAY_ON_NEWUSER_LOGON_IN_SECONDS.int
setting.
Click Save.
3790590
Endpoint location awareness was delayed after endpoint startup, resulting in false positive
incidents.
3790633
Multiple notifications were displayed for yahoo.com email incidents.
3790638
Multiple notifications were displayed when users saved files to the Microsoft OneDrive sync folder.
3797883
Printer/Fax incident details did not identify the printer for Microsoft Word documents. The printer
was labeled "Unknown."
3804794, 3836926 The TIMS database application was unavailable when the DLP Agent was deployed on a Citrix
virtualized desktop.
3830719
The DLP Agent did not block files uploaded through the Microsoft Silverlight plug-in.
3834739
DLP Agent HTTP monitoring performance has been improved in Citrix XenApp environments.
3844329
Users experienced poor performance when accessing or adding to Microsoft Internet Explorer
Favorites.
Installer and Upgrader issues fixed in 14.0.1

Table 2-24
Installer and Upgrader issues fixed in 14.0.1
3735480 If you were using Oracle 12c for your Symantec Data Loss Prevention database, you could not upgrade
your Symantec Data Loss Prevention installation.
23
Fixed issues
Network issues fixed in 14.0.1

Table 2-25
Network issues fixed in 14.0.1
Issue ID
Description
3796483
When detection errors occurred in SMTP traffic, the error message was returned to Symantec
Data Loss Prevention, but the SMTP message was passed downstream.
3796948
Network Prevent for Web HTTP Response monitoring could not correctly identify file names for
IBM (Lotus) Notes documents. Contact Symantec Technical Support for more details about fixing
this issue for your specific IBM/Lotus Notes installation.
24
Chapter
Known issues
Known product issues
Known issues in 14.6
SharePoint known issues in 14.5 Maintenance Pack 1
Detection known issues
Discover known issues
Documentation known issues
Endpoint known issues
Network known issues
Known internationalization and localization issues
Detection internationalization and localization known issues
Discover internationalization and localization known issues
Endpoint internationalization and localization known issues
Enforce Server internationalization and localization known issues
Installer and Upgrader internationalization and localization known issues
Network internationalization and localization known issues
Mobile Prevent internationalization and localization known issues
Known issues

The following tables list known issues. The issue ID is an internal number for
reference purposes only.

This section lists known issues in 14.6. The issue ID is an internal number for
reference purposes only.
Table 3-1
Detection known issues in 14.6
Issue ID
Description
Workaround
3954883
Form Recognition, EDM, and IDM indexes no longer work

after uninstalling then re-installing Symantec Data Loss
Prevention with a preserved schema.
Reindex your Form Recognition, EDM, and

IDM indexes.
4015406
The template for export/import does not support contextual None.

attribute rules. So policies are imported with only the keyword
and the regex rules.
Table 3-2
Discover Known issues in 14.6
Issue ID
Description
Workaround
3948621
Incremental scans of cloud

storage targets will not pick
up any changes for filters
applied after the target is
created.
Perform a full scan of any

cloud storage target after
applying filters.
Table 3-3
Enforce Server known issues in 14.6
Issue ID
Description
Workaround
3973181
Symantec Data Loss Prevention services fail to load on Red To work around this issue, see the solution
Hat Enterprise Linux 7.2 systems. This issue is related to
here:
https://bugzilla.redhat.com/show_bug.cgi?id=1285492.
https://access.redhat.com/solutions/2067013.
4009835
SMTP notifications and RSYSLOG messages do not contain None.

the same information that the user interface contains for the
for cloud connector incidents.
4010911
Rest incident tables are not shown in the Incident list.
None.
26
Known issues
Table 3-3
Enforce Server known issues in 14.6 (continued)
Issue ID
Description
Workaround
4012310
DIM/DAR incidents do not have corresponding lookup keys None.

in Enforce, so we cannot create lookup plugins for those
incident types (attachment, incident, recipient, sender,
date-sent, and subject).
4013348
When the data retention response is used, there is still a link None.
to view the original message in the incident details. The link
is empty.
4014481
The output text for contextual rules does not contain the
None.
expected policy details that you see in the output for keyword
rules.
4015011
RBAC: Invalid validation error on selecting Cloud Connector None.

Control and All Policy Groups on Policy Management tab.
4015011
The user sees an invalid validation error upon selecting

Cloud Connector Control and All Policy Groups on the
Policy Groups Management tab.
4015404
When a user selects All Cloud Connectors Incidents and None.

attempts to export the entire list using the XML export option,
Enforce shuts down.
4016237
The contextual Attribute Rule names are not displayed in

Enforce when the user selects the view policy link in the
incident snapshot.
4016276
The policy version is not updated in Enforce after a contextual None.

attribute rule is added to an existing policy.
4016280
Contextual attribute rule with attribute "Browser" IE shows

as Ireland (IE) on Configure policy page.
None.
4016493
Cloud connector UI displays deleted policy groups
None.
4016495
When upgrading from Lyra to Draco the existing network

incidents severity counter is not being shown correctly on
the incident summary page
None.
4016585
Onedrive authorization creation failing
See KB article for more information on how

to convert the pfx file to a file that uses
FIPS compliant algorithms and convert the
pfx file to a jks formatted file.
None.
None.
27
Known issues
Table 3-3
Enforce Server known issues in 14.6 (continued)
Issue ID
Description
4017473
When importing a policy and using a non-main admin user, None.

on a fresh install there is a failure message due to a db lookup
of permissions.
Table 3-4
Workaround
Endpoint macOS known issues in 14.6
Issue ID
Description
Workaround
4011098
Microsoft Office Excel (Mac)' is whitelisted by default for

monitoring on the Mac agent.
The default entry, Microsoft Office Excel

(Mac) on the Application monitoring page,
has the Removable media and Copy to
Share channels disabled. Microsoft Excel
has issues with Save and Save As on
removable media and network shares.
Microsoft Excel is white-listed by default
for monitoring on the Mac agent. Contact
Symantec support for additional details on
the Excel-specific issues.
4011142
and
4011113
Adobe Reader is whitelisted on the Application Monitoring Contact Symantec support for additional
screen. The application is whitelisted to prevent it from
details.
crashing when users attempt to save sensitive files to
removable storage devices or network shares.
4010574
When a user saves a Microsoft Office 2016 Word,

PowerPoint, or Excel file to a removable storage device or
network share, a Grant Access pop-up displays that the
user must accept to continue the save operation.
4011997
When a user moves a read-only file to a removable storage None.

device or network share that replaces a file with the same
name, and the endpoint user cancels the operation when a
username and password are requested, the file to be replaced
gets deleted.
4012000
When a user attempts to save a Microsoft PowerPoint 2016 None.

file that contains sensitive data to a Windows or Linux network
share over a file with the same name, both files are deleted.
None.
28
Known issues
Table 3-5
Documentation known issues in 14.6
Issue ID
Description
Workaround
3984581
Detection matcher core fails to interpret an intersection

pattern and sends it to RE2 for processing.
None.
4001300
The "Filter by Printer Properties" topic in the online Help

None.
incorrectly states that users can specify printers that are
approved for sensitive file uploads. Users can specify printers
that are approved for printing sensitive information.
Also, the topic states that users can specify the network name
to ignore network printers from monitoring. Instead, users
must specify the server printer name.
4015875
Need to update online Help for the new advanced agent

None.
setting
FileSystem.MONITOR_READ_ONLY_VOLUMES.int. This
setting controls whether DLP monitoring is done in the case
of an Explorer copy if the destination volume is a read-only
volume. The default setting is 1. Enter 1 to continue
monitoring read-only volumes in an Explorer copy operation.
Enter 0 to stop monitoring of read-only volumes in an Explorer
copy operation. This setting is documented in the Symantec
Data Loss Prevention Administration Guide.
4015979,
4003050,
4012169
If the macOS is updated to a version greater than 10.11.6,

a Critical agent alert display on the Agent Overview screen,
and the agent no longer monitors the SIP-protected Google
Chrome and Safari applications. You update the
Hooking.SIP_Agent_OSX_VERSION_COMPATABILITY.str
advanced agent setting to monitor SIP-protected applications
on the latest supported macOS.
For more information about this issue,

including the latest SIP support details, see
this article at the Symantec support site:
http://www.symantec.com/docs/TECH235226
You can also refer to the version 14.6

Symantec Data Loss Prevention
Administration Guide for the latest SIP
The online Help does not list all supported macOS versions
details. This guide is available online here:
and DLP Agent versions. Also, the online Help directs users
to restart the agent service to apply new settings, which is http://www.symantec.com/docs/DOC9261
not required.
29
Known issues
SharePoint known issues in 14.5 Maintenance Pack

1
Table 3-6
Workaround
3980999, After sensitive documents from team discussion are uploaded None.
3989738 and scanned, the SharePoint 2016 quarantine is successful
and the marker file is created and the extension is replaced by
txt. However, the link is not updated to point to the marker file,
so the user sees a blank file.
3989811
SharePoint 2010 does not work properly with the plug-in for
Use the following combination for
quarantine and quarantine release with the Maintenance Pack SharePoint 2010 and Maintenance Pack
1 solution.
1:
14.5 Maintenance Pack 1 quarantine

and release from quarantine jars
14.5 Maintenance Pack 1 Enforce
Server
14.0 Solution
3989735
SharePoint 2016 is not able to quarantine calendar and task

items with zip attachments.
None.
3989736
When SharePoint versioning is enabled for all types of

applications and libraries, only some versions of the multiple
versions are quarantined.
None.

Table 3-7
Workaround
1799071 If multiple recipients are specified in the Recipient Pattern field When creating the Recipient Pattern rule,
and the MatchCounting option is greater than 1, incidents are
set MatchCounting to At least 1
not created even if two or more recipients match the pattern.
recipient must match.
Incidents are not created either on the detection server or stored
in the DLP Agent.
1826457 DGM policies based on EDM profiles do not detect email
addresses formatted in Lotus Notes hierarchical format.
None.
30
Known issues
Table 3-7
Detection known issues (continued)
Workaround
1851220 Endpoint Email/SMTP cross-component matching of compound None.

EDM policies does not work when the keyword or regular
expression pattern is in the subject line and the EDM violation is
in the attachment. For example, a policy contains a compound
rule with a keyword and EDM condition. If a message is sent with
a keyword violation in the subject line and an EDM violation in
the attachment, Endpoint Prevent will not register this incident.
1852542 False positive incidents may be generated with a compound
exception where one rule is a Context type exception and the
second is a DCM exception.
After compounding the DCM exception

to a context type exception, change the
default selection from Matched
Components to Entire Message.
2131156 You cannot detect custom file types on the endpoint if you
combine a Custom File Type Signature condition with an EDM
condition in the same policy rule.
Use a Data Identifier condition with a

Custom File Type Signature condition to
detect precise data from custom file types
on the endpoint.
2191684 Keyword Proximity matches are counted per matched pair on a Do not use match thresholds with
detection server. However, they are counted per word on an
Keyword Proximity conditions.
endpoint computer. Policies set to create incidents above a match
threshold can produce inconsistent results between the products.
2203882 When configuring a detection condition for Classification to match None.
on only the body of an email message, Classification policies
match on the body of the email as well as the body of all emails
attached to it even if they are email attachments of email
attachments. Any attachment that is not an email itself, will not
match.
Additionally, when configuring a detection condition for
Classification to match on only attachments, Classification policies
match on all attachments with the exception of the body of emails
attached; all other attachment types will match even if they are
part of attached emails.
2629339 When using Titus to classify documents in combination with
None.
Symantec Data Loss Prevention metadata detection, certain tags
added by Titus cannot be detected. The data is stored by Titus
in the XMP metadata for PDF files which is not extracted by
Symantec Data Loss Prevention.
3521579 If a policy exception is configured for deployment to the endpoint None.
and the exception requires two-tier detection, duplicate incidents
are generated.
31
Known issues
Table 3-7
Detection known issues (continued)
Workaround
3521605 The actual indexing of an Active Directory server (creation of the

*.rdx file) occurs only after you have created a user group and
chosen the "Refresh group directory index on Save" option. If
this option is not selected, no indexing is done.
Make sure that you create the user group

and select the option "Refresh group
directory index on Save." Alternatively,
you can schedule the indexing after you
have created the user group. In this case,
indexing occurs at the scheduled indexed
time.
3811922 Form Recognition does not detect images in the JPEG2000

(.jp2) file format.
None.
3870350 Symantec Data Loss Prevention cannot open TIFF files with a
mix of color, grayscale, and binary images.
None.
3895984 The Image Extractor plug-in used for Form Recognition supports None.
PDF version 1.2 and later. Earlier versions of the PDF file format
are not supported.
3948274 Form Recognition policies create duplicate matches for the first None.
image in a multi-page TIFF file.
3949451 Symantec Data Loss Prevention displays an error for data
identifiers with patterns separated by line breaks. Line breaks
are not supported in data identifier patterns.
Remove all line breaks from your data

identifier patterns.
3951890 Enabling the Image Extractor plug-in for Form Recognition

None.
degrades the performance of PDF file detection. This issue affects
PDF files regardless of whether or not they contain any form
images.
3962659 Symantec Data Loss Prevention does not detect PDF files
None.
encapsulated in macbin files. Macbin is a pre-OS X Mac file
format. This behavior is observed on both servers and endpoints.

Table 3-8
1961596

Workaround
Network Protect (copy or quarantine) does not work on Windows None.

2008 DFS file shares.
32
Known issues
Table 3-8
Discover known issues (continued)
Workaround
1974658
For a Discover integrated Exchange 2007 target, the open in

browser link in the Discover incident snapshot does not open
the correct document.
None.
2075096
The Discover report filter Does Not Match Exactly is sensitive Use the exact path separator as
to path separators. Using / when the path separator in the
specified in the content root used to scan
incident contains \ or vice versa does not produce the expected the share.
result.
2122460
If a file share has incremental scanning enabled, and you

None.
quarantined an entire folder and its contents from the file share,
then restore the entire folder from quarantine, the sensitive data
in the restored folder will not be scanned again if incremental
mode is enabled.
2132915
Starting a scan on a new Discover Server can result in files being Wait a few moments before starting the
re-scanned. This is likely due to the time it takes to propagate second scan. Give the index time to
the incremental index. If the scan starts before the server has update.
received all of the index updates, then some files can be
re-scanned.
2138956
Protect copy remediation fails if blank credentials are used to

scan a content root in a Discover target.
To determine if blank credentials are

causing this problem, create a separate
target for the content root with the blank
credentials. Set the default user
credentials to blank for that target. Look
for the following error message in the
FileReader.log log file:
jcifs.smb.SmbAuthException: The
referenced account is currently locked
out and may not be logged on to
2150273
In a Discover snapshot of an incident from the integrated

Use Internet Explorer if the link fails to
Exchange scan, the Open in browser option may not work for work from Firefox and vice versa.
some items, depending on the item as well as the browser.
2233064
Libraries for Endpoint FlexResponse and Server FlexResponse None.

are unintentionally available to plug-in developers. Plug-in
developers should not see these libraries.
2240919
A Server FlexResponse plug-in running in multiple threads may Limit the number of simultaneous plug-in
leave incidents in the Requested protect state.
threads. Set the default number in the
maximum-thread-count property in the
plug-in properties file to 1.
33
Known issues
Table 3-8
Workaround
2483068
The "Ignore smaller than" filter may not work for certain smaller None.
files on Microsoft Exchange 2010 targets. Because Exchange
email files are scanned by Network Discover in both plain text
and HTML format, the file size represented in the target list page
is larger than the actual file in Exchange.
2497863
The Open In Browser link does not work for archived mailbox
items.
None.
2511738
Network Discover occasionally times out when scanning large

items in Microsoft Exchange.
None.
2529816, Some items on broadcast sites created with Microsoft Web Apps None.
2531206 on SharePoint 2010 and 2013 servers are not scanned. Only
the following items on broadcast sites are scanned:
Announcements, Calendar items, Tasks, and Shared Documents.
2583801
Parallel scans of IBM (Lotus) Notes targets in DIIOP mode return None.
fewer scanned bytes for a given target than a single scan does.
2703756, The Scan History page always displays the incident count of
2737410, Endpoint Discover scan targets as N/A.
2738374
To view the incident count for an

Endpoint Discover scan target, go to the
Scan Details page by clicking the link in
the Scan Status column.
2883828, Network Discover scans skip files lacking file extensions.

2943550
In the
VontuFileSystemScanner.cfg file,
add a wildcard value to the
DirectoryFileMatch property:
DirectoryFileMatch=*
2941562
If you stop a Content Root Enumeration scan, the elapsed time Allow the scan to run to completion, and
displays as zero.
the elapsed time will display correctly.
2980582
The column named "Protect Status" on the incident view page

is named "Message Status" when you export the incident to a
CSV file.
None.
3035527
The scanner installation file overwrites existing scanner

installations without displaying a warning message.
None.
3050222
The File System Scanner will not run as a service on AIX

systems.
Install the File System Scanner as an

application, not a service.
34
Known issues
Table 3-8
35
Workaround
3082527
If the Discover Server runs out of disk space while running an

incremental scan, the incremental scan becomes stuck in the
Running state.
Clear some disk space on your Discover

Server, then the scan will automatically
resume.
3182501
If Symantec Endpoint Prevention is installed on your Discover

Server, your Discover remote target scans will not work
Whitelist the ports connecting your

Discover Server to your Discover remote
scanner targets in the Symantec
Endpoint Protection firewall settings.
3206907
When scanning ASPX pages on SharePoint 2013 sites, some

HTML text (for example, "_objectType_") may appear in your
incident snapshots.
None.
3281853
If you log in to the Response Rule Listing Service URL, the

None.
browser cache is not cleared when you log out. If you navigate
back to the Response Rule Listing Service URL, you can access
the page without re-entering credentials, and you can also access
the Enforce Server administrative console without entering your
credentials
3433408
The SharePoint Quarantine FlexResponse rule falls back to

1
NTLM authentication when the SharePoint site is set for Kerberos
authentication. When this occurs, the SharePoint Quarantine
FlexResponse action fails.
In the IncidentPersister.properties
file, add this line:
java.security.krb5.conf=path
where path is the path to the
krb5.conf file, such as
SymantecDLP/Protec/config/.
Ensure that jcifs-1.3.17 is installed

in the correct location.
See the Symantec Data Loss
Prevention SharePoint Quarantine
FlexResponse Plug-in
Implementation Guide.
Ensure that the SharePoint

Quarantine user has Full Control
on the SharePoint site.
Restart the Symantec Data Loss

Prevention services.
Known issues
Table 3-8
3448145
Workaround
Discover scanners sometimes fail to connect to Network Discover 1

detection servers with multiple NICs installed. This issue may
be caused by a loopback IP used in one of the sockets:
2
127.0.0.1:8090 and 169.254.21.249:8090, for example.
Swap the configuration of the

interfaces (eth1 <-> eth2)
Deselect TCP/IP on the second
interface configuration. The second
interface can then be used for
network capture, but not for L3
network connectivity.
3660676
Network Discover cannot scan SharePoint 2010 folders with

folder names containing special characters.
None.
3689938
If a file on Box cloud storage is locked by a co-owner, Cloud

Storage Discover returns an access denied error and cannot
scan that file.
None.
3717396
You cannot create Veritas Data Insight resources for folders or None.
files that have generated Network Discover/Cloud Storage
Discover incidents where the IncidentID value is greater than
Integer.MaxValue().
36
Known issues
Table 3-8
Workaround
3768304
Symantec recommends that your

Network Discover have at least 16 GB
of RAM, and that you increase your file
reader memory allocation for the Network
Discover server from 4 GB to 8 GB.
When scanning Box cloud storage accounts using the default

memory settings on the Network Discover server, you may
encounter JVM out-of-memory errors.
To increase the file reader memory

allocation, follow this procedure:
In the Enforce Server administrative

console, navigate to System >
Servers and Detectors >
Overview.
Select your Network Discover

server from the list of servers.
On the Server/Detector Detail

page, click Server Settings.
On the Server/Detector Detail Advanced Settings page, change

the -Xmx value for the
BoxMonitor.FileReaderMemory
setting from 4G to 8G: -Xmx8G.
Click Save.
Restart your Network Discover

server to apply your changes.
37
Known issues
Table 3-8
3917476
Symantec Data Loss Prevention displays a cross-site request

forgery (CSRF) error when authorizing Box scanning for the first
time. This issue only occurs when accessing the Enforce Server
using Microsoft Internet Explorer.
Workaround
38
Known issues
Table 3-8

Workaround
To address this issue, you must generate
a new browser certificate for the Enforce
Server and add it to the Trusted Root
Certification Authorities in Internet
Explorer.
Delete the existing .keystore file

from
SymantecDLP\Protect\tomcat\conf.
Follow the procedure in the

"Generating a unique browser
certificate" topic of the Symantec
Data Loss Prevention Installation
Guide to generate a new browser
certificate. Ensure that the common
name (cN) value that you enter in
the keytool utility matches the
address you use to access your
Enforce Server administrative
console. For example, if you use an
IP address, enter that IP address:
cN=xxx.yyy.zzz.nnn. If you use a
URL, enter that URL:
cN=yourenforce.company.com.
Restart the Vontu Manager service

on your Enforce Server.
Connect to the Enforce Server

administrative console using
Internet Explorer and import the
new certificate into the Trusted Root
Certification Authorities.
Click certificate error > View
Certificates > Install
Certificate to access the
Internet Explorer Certificate
Import Wizard.
Select "Place all certificates in
the following store."
Select "Trusted Root
Certification Authorities."
Refresh the page in Internet
39
Known issues
Table 3-8
Workaround
Explorer. The certificate should
display as trusted.

Table 3-9
Workaround
3931168 The most up-to-date Citrix configuration information is in the

Symantec Data Loss Prevention System Requirements and
Compatibility Guide, not the Symantec Data Loss Prevention
Administration Guide.
See the Symantec Data Loss Prevention

System Requirements and Compatibility
Guide for Citrix configuration information.
3963070 The Symantec Data Loss Prevention Administration Guide and None.
online Help incorrectly state that a Network Protect license is
required for the Cloud Storage: Add Visual Tag and Cloud
Storage: Quarantine response rules. These response rules are
available without Network Protect.

Table 3-10
Workaround
1902505 If the file extension filter configuration is not correct, if it contains

commas or other nonnewline separators, no error message is
displayed to indicate this. If the configuration is not correct, the
file extension filters will not work.
Ensure that file extension filters are

separated only with new lines, and not
with any other characters such as
commas, semicolons, or any other
punctuation.
2076523 The Collect Agent Logs task keeps running if agent logs are not
present on the Endpoint Server. If no agent logs are available
on the Endpoint Server, the Collect Agent Logs task continues
to run and cannot stop.
Cancel the existing Collect Logs task and

execute a Pull Logs task from the Agent
Overview page so that agent logs are
pulled to the Endpoint Server and then
run the Collect Logs task again.
2119984 Citrix published drives cannot be monitored by Application

None.
Monitoring. If an application opens a sensitive file from a Citrix
published drive, the file is not scanned for sensitive information.
40
Known issues
Table 3-10
Endpoint known issues (continued)
Workaround
2131164 There is a possibility that some application will retry to attach file None.
blocked by application monitoring. In such circumstances,
endpoint computer users will see multiple pop-ups and multiple
incidents will be reported.
3675162 If users attempt to overwrite an Excel file on a removable storage None.
device with an Excel file that contains sensitive information, the
save operation is blocked and the original file is deleted. This
issue is observed with the DLP Agent for Mac.
3691082 Uploading PDF files larger than 2 MB from an endpoint computer To avoid file upload performance issues
takes several seconds due to the DLP Agent detection process. for large PDF files, apply File Type or File
Size filters in your endpoint scan
configuration.
3697999 The DLP Agent cannot detect sensitive information in the header Deselect Match Conditions: On whole
or footer of files created by Microsoft Office Excel for Mac 2011. words only.
3765823 When an endpoint user attempts to save sensitive information
to OneDrive from a Microsoft Office 2013 application, multiple
block pop-ups may display.
Add the MsoSync application to the

Application Monitoring page.
Steps for adding the application are
available at:
http://www.symantec.com/docs/TECH230791.
3765797 The DLP Agent does not prevent sensitive information from being Prevent users from logging their
saved from Microsoft Office 2013 applications to OneDrive.
Microsoft Office 2013 applications into
OneDrive from the endpoint. Refer to the
article "Configure user sign-in for Office
2013" for steps. You can view this article
at the following URL:
https://technet.microsoft.com/
en-in/library/jj715259.aspx
3849212 When there is sensitive data on the Clipboard, Symantec Data Whitelist the Windows 10 Mail app for
Loss Prevention creates a Clipboard paste incident when users Clipboard paste monitoring.
open the Windows 10 Mail app before any data is pasted.
41
Known issues
Table 3-10
Workaround
3855514 Files uploaded from a network share through the Microsoft

Windows Edge browser are not detected by the DLP Agent.
In the Advanced Agent Settings, set the

FileSystem.ENABLE_VEP_FILE_
ELIMINATION.int value to [1].
For detailed information about editing
Advanced Agent Settings, see the
Symantec Data Loss Prevention
Administration Guide.
3876000 In the "Troubleshooting agents with Warning agent alert" table

in the Symantec Data Loss Prevention Administration Guide and
online Help, the cause for the "Agent version is older than Enforce
Server version" warning is unclear.
Agents display a Warning alert if the

agent version is one or more major
versions behind the Endpoint Server
version. For example, if your Endpoint
Server version is 14.5 and your DLP
Agent version is 12.5, that agent will
display a Warning alert. If your Endpoint
Server version is 14.5 and your DLP
Agent version is 14.0, the agent is OK.
3897875 When a user tries to upload a file multiple times in a browser

None.
session that has already created an incident, Symantec Data
Loss Prevention displays multiple URLs in the incident snapshot
and in pop-up notifications. This issue is observed on Mac
endpoints.
3918355 Symantec Data Loss Prevention deletes Microsoft Office files
Update your Office applications to the
stored on removable media when you open them, if they violate most recent update of Office 2016.
a policy with a block response rule enabled. This issue is
observed on endpoints running older versions of Office
applications.
3920309 Symantec Data Loss Prevention does not detect sensitive files
uploaded to Google Drive using the Firefox, Edge, or Internet
Explorer browsers.
Fixed in version 14.5 MP1.
3911132 On Mac endpoints, saving Microsoft Office files that violate a

None.
policy with a Block response rule enabled to removable storage
devices results in contradictory messages to the end user. The
Block notification displays correctly, and the file is not saved to
the removable storage device. However, the Office application
displays a message that the file was saved successfully.
42
Known issues
Table 3-10
Workaround
3936223 If the Limit Incident Data Retention response rule is used with
None.
Application File Access, incidents are generated, but files are not
available in the Application File Access incident snapshot. The
file displays under the Files section, but it is not clickable or
downloadable.

Table 3-11

Workaround
3799427 Symantec Data Loss Prevention does not create incidents for
None.
sensitive files sent as attachments or uploaded to cloud storage
websites as attachments. This is because attachments are
uploaded as multi-part content.
Known internationalization and localization issues

The following tables list the known issues related to internationalization and
localization for each product module.
Detection internationalization and localization known

issues
Table 3-12
1404046

Workaround
Archive files such as ZIP files containing files that violate a policy None.
will appear in the incident snapshot. The files within the archive
may appear with garbled names if the names use non-ASCII
characters.
43
Known issues
Table 3-12

(continued)
Workaround
1476390
This defect is reproducible if

Detection.MARKUP_AS_TEXT.str=OFF.
However, if
Detection.MARKUP_AS_TEXT.str=ON
the DBCS strings are matched in the
incident page.
Symantec Data Loss Prevention does not detect match DBCS

characters in Unicode HTML files copied to USB drives.
1791134, Detection for PDF files containing Arabic or Hebrew text fails to None.
1866769 detect violations.
1791138
Print monitor fails to detect sensitive Arabic data on the Endpoint None.
when printing from applications such as Notepad, Word, and
PDF files.
1866765
Print monitor fails to detect sensitive Hebrew data on the

Endpoint when printing from Notepad.
None.
1866867, Sensitive data in Hebrew email body text and attachments that None.
1866873 are encoded as ISO-8859-8-I is not detected. Attachments to
ISO-8859-8-I emails are also not correctly detected even if the
attachment name and content is in standard ASCII format. These
issues are not observed for ISO-8859-8 emails.
1430029, In some cases, when viewing the incident snapshot for an
1479328 attachment with a non-ASCII file name, the file name may be
garbled in the UI. (This issue is fixed for Japanese languages.
See the Fixed Issue section.)
None.
1466323, Symantec Data Loss Prevention supports the encoding standards None.
1470209, defined and supported in Java 7. Due to interpretation differences
1470206 between various vendors the same encoding (for example,
GB2312) will be supported only to the extent of Java 7 support.
For a list of supported Java 7 encodings please refer to:
http://java.sun.com/javase/7/docs/technotes/guides/intl/encoding.doc.html.
44
Known issues
Table 3-12

(continued)
1519857,
1463737,
1463747,
1524289,
1791119,
1866773
Workaround
Certain non-ASCII content of scanned Microsoft Outlook Personal None.

Folders (.PST) files may be garbled in the Enforce UI or
undetected.
Problems such as the following may be observed:
Hyperlinks (location and document name) may be garbled.
For Windows-1256-encoded email, the body may not be

detected.
Hebrew body and subject may remain undetected.
For UTF8-encoded mail, body and subject may remain

undetected, and attachment file names may be garbled.
1654792
Policies with ASCII digits (1234567890) may not match against

data containing Arabic-Indic digits such as the numbers used in
Egypt, Iran, Pakistan, and parts of India. In Excel files,
Arabic-Indic digits are treated as ASCII numbers, and they match
only on ASCII numbers (scanning, printing, CD burning) although
they are displayed as Arabic-Indic digits. For Word and text files
containing Arabic-Indic digits, the Arabic-Indic digits must be
specified in the policy.
The policy has to include match rules for

both Hindu-Arabic and Western numbers
depending on the kind of file. To match
Hindu-Arabic numbers in an Excel file,
the policy match rule requires Western
numbers. To match Hindu-Arabic
numbers in Word or text files, the policy
match rule requires Hindu-Arabic
numbers.
1708526,
1709649,
1860340,
1503970
During EDM detection, a mixed token is not detected during

None.
scanning. A mixed token is, for example, when Asian characters
and ASCII characters (or characters that are normalized as ASCII
characters) are combined. The EDM indexes may also fail to
support non-US field validators like phone numbers or ZIP Codes.
1729175
For some incidents the non-ASCII characters in the incident

metadata may be garbled in the user interface. This does not
affect detection.
None.
1806721, Language-specific detection rules may fail to provide the

Create separate detection rules for each
1829508 expected results (German sharp-s, Greek sigma, Japanese Yen, language-specific detection variation you
Turkish I, and others).
require.
1806722
Case-insensitive keyword detection matches incorrectly with the Create separate case sensitive policies.
Turkish I on the server because there are four different versions
of I in the Turkish language. The special conversion is not
covered in the detection engine.
Uppercase equivalent of I is I and not I.
Lowercase equivalent of I is I and not I.
45
Known issues
Table 3-12

(continued)
Workaround
1833344, Regular expression for Unicode codepoint fails on the endpoint.

1823548 For example, searching for Unicode character \u6211 fails. Also
the java regular expression reference defines the \w class as
containing only ASCII word characters. To match non-ASCII
letters you must use the Unicode syntax \p{L}. On the endpoint,
the situation is roughly inverse. On the endpoint, the \w works
for non-ASCII characters but the \p is unsupported.
Use the international character in the

regular expression instead of the
codepoint or \w and or \p{L} class
respectively.
1894279
Symantec Data Loss Prevention does not detect attached files

with DBCS file names.
None.
2075491
Detection of files copied to USB or local drives fails when

Endpoint agents are installed in HI-ASCII folders.
2268405
When ANSI text files are used for VML, non-ASCII characters
are ignored when extracting keywords to the features file after
training profile.
Convert ANSI contents to Microsoft Word

Document or UTF8 text format.
2305411
VML detection will not work on Chinese, Korean, or Japanese

content detection.
None.
2371246
Symantec Data Loss Prevention Endpoint agents treat Korean

as a non-whitespace language. This issue causes Endpoint
detection on Korean-language content to be less accurate.
None.
3105214
Symantec Data Loss Prevention does not detect files with

None.
non-ASCII file names when they are sent as email attachments
through web mail applications such as Gmail or Yahoo Mail.
3114433
Symantec Data Loss Prevention does not detect Shift_JIS

encoded text (.txt) files.
None.
46
Known issues
Discover internationalization and localization known

issues
Table 3-13
Workaround
1704203 Scanner installation on non-English environments has issues

Use a folder with non-multi-byte ASCII
when the folder being used for installation (from/to) has multi-byte characters when installing the scanners.
characters.
1727476 When connecting to an SQL Server 2005 content root, you will
get the error Unable to create a database connection when
using credentials which use a password that contains HiASCII
characters.
Change the password and do not use

HiASCII characters.
1763681 An error The network name cannot be found appears when

Use a system mounter instead of JCIFS.
trying to scan a Discover target with in folder name using JCIFS.
1824358 Scanner configuration files do not support Byte Order Mark (BOM) Use a third-party tool such as Notepad++
when saved using UTF8 encoding.
to save the file without BOM.
1923438 For SharePoint 2007 scanners, VontuSharePoint2007Scanner.cfg Workaround: Do not use non-ASCII
job names must be composed of ASCII-only characters. When characters for job names.
a non-ASCII job name is used, data is not scanned.
Symantec recommends that you use the
Network Discover Microsoft SharePoint
or Exchange server targets instead of the
Microsoft Exchange or SharePoint
scanners.
Endpoint internationalization and localization known

issues
Table 3-14
Endpoint internationalization and localization known issues

Workaround
3306490 Endpoint Discover does not detect incidents in text files on Mac None.
OS endpoints encoded in Arabic, Chinese Simplified, Chinese
Traditional, Japanese, Korean, Shift-JIS, and Thai.
47
Known issues
Enforce Server internationalization and localization

known issues
Table 3-15

Workaround
2167210 Detection monitors fail to start if the target device name contains Use the following procedure:
non-ASCII characters.
1. Open your registry editor and edit:
HKLM/System/CurrentControlSet/
Control/Class/{4D36E972-E32511CE-BFC1-08002BE10318}/0007/
2. Change the DriverDesc value so
that it contains only ASCII characters.
3. Restart the detection monitor.
3506729 Symantec Data Loss Prevention does not work when it is installed Install Symantec Data Loss Prevention
on a computer with a Turkish locale.
on a computer in any locale other than
Turkish, then change to the Turkish
locale after installation.
For example, install Symantec Data Loss
Prevention on a computer in the French
locale, then change it to Turkish after
Symantec Data Loss Prevention is
successfully installed.
Installer and Upgrader internationalization and

localization known issues
Table 3-16

issues
Workaround
1805050 Services fail to start when run by system users with their locale Switch the Windows regional settings to
set to Turkish.
English (USA) before installing Symantec
Data Loss Prevention. Setting the Default
User profile to the US locale results in
Symantec Data Loss Prevention system
user profiles being created with these
settings.
48
Known issues
Table 3-16

issues (continued)
Workaround
1819443 Creating an Oracle database on a Turkish operating system gives Workaround: Deploy the Oracle database
a TNS Protocol Adapter error.
to a non-Turkish operating system.
Network internationalization and localization known

issues
Table 3-17
Workaround
2752691 Incidents are not created when an email is sent containing an

attachment where the file name contains sensitive data that is
written using I18N characters.
None.
Mobile Prevent internationalization and localization

known issues
Table 3-18
Mobile Prevent internationalization and localization known issues

Workaround
2582425 Non-ASCII data in the body and subject of an email may not get None.
inspected when sent to Gmail through the iPad Safari web
browser. Mobile Prevent cannot detect the encoding mechanism
that is used by Safari.
2597883 When transmitting data from an iPad, Mobile Prevent fails to
None.
detect data stored in text files encoded with x-mac-cyrillic.
2920361 Mobile Prevent does not display a localized version of attachment None.
names.
3040853 Mail sent from Exchange Server 2010 mail accounts that contain None.
French keyword violations appear corrupted on the incident page.
49

Symantec DLP 14.6 Release Notes

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Symantec DLP 14.6 Release Notes

Transféré par

Droits d'auteur :

Formats disponibles

Symantec Data Loss

Prevention Release Notes

Last updated: 06 December 2016

Symantec Data Loss Prevention Release Notes

About these Release Notes ..............................................................

Fixed issues ............................................................................ 9

Installer and Upgrader issues fixed in 14.5 ...................................

Known issues ....................................................................... 25

About these Release Notes

Installing patches for Windows Server 2012 R2

Installing Symantec Data Loss Prevention 14.6

Upgrading Symantec Data Loss Prevention 14.6

About accessing the Symantec Support Center

About these Release Notes

What's new and what's changed in Symantec Data

Installing patches for Windows Server 2012 R2

To find out if patch KB2919355 is installed:

Go to Windows System and Security.

Click View install updates in the Windows upgrade section.

Confirm that patch 2919355 is installed.

If the patch is not installed, complete the following steps:

Installing Symantec Data Loss Prevention 14.6

Upgrading Symantec Data Loss Prevention 14.6

Finding information about Symantec Data Loss

Finding information about Symantec Data Loss

Finding information about Symantec Data Loss

Finding information about the Symantec Data Loss

About accessing the Symantec Support Center

Fixed issues in 14.6

Fixed issues in 14.5 Maintenance Pack 1

Fixed issues in 14.5

Fixed issues in 14.0.2

Fixed issues in 14.0.1

Fixed issues in 14.6

Installation and upgrade issues fixed in 14.6

Installation and upgrade issues fixed in 14.6

The database is unable to connect and the system crashes.

Endpoint issues fixed in 14.6

Endpoint issues fixed in 14.6

Fixed issues in 14.5 Maintenance Pack 1

Detection issues fixed in 14.5 Maintenance Pack 1

Detection issues fixed in 14.5 Maintenance Pack 1

Discover issues fixed in 14.5 Maintenance Pack 1

Discover issues fixed in 14.5 Maintenance Pack 1

Discover issues fixed in 14.5 Maintenance Pack 1 (continued)

(Cloud_Discover) There is a discrepancy in number of processed users in Scan statistics.

(Cloud Discover) Scan in queued state should not be editable.

Discover issues fixed in 14.5 Maintenance Pack 1 (continued)

Endpoint issues fixed in 14.5 Maintenance Pack 1

Endpoint issues fixed in 14.5 Maintenance Pack 1

(Endpoint General) Sensitive file gets uploaded to Google Drive site.

(Endpoint General) File restoration does not work on a DFS share.

(Endpoint General) Support for Firefox 64-bit.

Endpoint issues fixed in 14.5 Maintenance Pack 1 (continued)

Endpoint localization and internationalization issues fixed in 14.5

Endpoint localization and internationalization issues fixed in 14.5

Enforce Server issues fixed in 14.5 Maintenance Pack 1

Enforce Server issues fixed in 14.5 Maintenance Pack 1

Enforce Server issues fixed in 14.5 Maintenance Pack 1 (continued)

Fixed issues in 14.5

Detection issues fixed in 14.5

Detection issues fixed in 14.5

Discover issues fixed in 14.5

Discover issues fixed in 14.5