DLP問題排解 | 賽門鐵克

【DLP Endpoint Agent Pull】

Additionally please provide logs from the Endpoint Agent via the Enforce UI:

Go to System -> Agent Overview

至【系統】→【代理程式】→【概覽】

Select the agent you want and from the Actions pull down, select Pull Logs.

選擇那台要 copy .pst 檔到用戶端電腦 → 點選【動作】→ 【提取日誌】

Select both Services logs or Operational logs and click OK

Next, the logs need to be pulled from the Endpoint Server to the Enforce Server

Go to System -> Servers -> Logs

Select the Endpoint Server from the drop down and check the Agent logs box.

至【系統】→【伺服器】→【日誌】→【組態】→【下拉選擇您的偵測伺服器】

至【系統】→【伺服器】→【日誌】→【收集】→【勾選操作日誌、偵錯和追蹤日誌、組態檔、代理程式日誌】

並按下【收集日誌】

Then click on the Collect Logs button.

This will retrieve the logs from the Endpoint Agent.

Download the logs and send them to us by replying to this mail with the attachment.

一段時間後，按下右上角的重新整理圖示，帶畫面下方出現【下載】連結時，下載【SymantecDLPLogs.zip】

請將 SymantecDLPLogs.zip 以附件的方式提供給我們

DLP 管理主控台事件刪除

DLP 管理主控台事件刪除
處理方式：
請參考下圖步驟
請勿點選【顯示全部】，否則會因資料過多開啟緩慢
直接選擇【全選】，之後刪除的動作會立即完成 ( 僅是 SQL Update 語法的執行，所以很快 )

如何重設 DLP 主控台 Administrator 帳戶的密碼

步驟

開啟命令提示字元
輸入以下指令
cd c:\Vontu\Protect\bin
AdminPasswordReset.exe -dbpass Passw0rd -newpass PPassw0rd
( Administrator 帳戶密碼即重設為 PPassw0rd )

安裝 DLP Endpoint Agent 12.0.1 後 IE temp 目錄下產生了很多 DLP*.TMP 檔造成 IE 開啟緩慢

【安裝 DLP Endpoint Agent 12.0.1 後 IE temp 目錄下產生了很多 DLP*.TMP 檔造成 IE 開啟緩慢】

Example：Windows 7、Windows 8、Windows 8.1 目錄

(C:\Users\ [登入名稱] \AppData\Local\Microsoft\Windows\Temporary Internet Files)

刪除 DLP*.TMP 後，IE 開起即恢復正常，但之後 DLP*.TMP 又會產生

已確認此現象與 C:\Program Files\Manufacturer\Endpoint Agent\temp" file 過大無關

Forum 提到：這是一個 Symantec 目前已經發現的問題，不過 fix 檔目前沒有公開，需建案取得相關的 fix

以下是 Forum 的連結與內容

http://www.symantec.com/connect/forums/dlp-endpoint-crea-demasiados-archivos-temporales-en-carpeta-temp

請下載 Hotfix_12.0.1101_Windows.zip ，解壓後參照 Hotfix Readme 來執行用戶端 Endpoint Agent 的升級

Hotfix Readme

Fixes in this Hotfix:
———————
3411202 : Dlp temp files created by IE HTTPS hook are not deleted after scanning

More infomation :
The internet explorer hook generates false requests that never make it to agent. As agent is supposed to delete the requests, the temporary files created for those requests are never deleted.

Contents:
————
AgentInstall.msi
AgentInstall64.msi
Agent Tools (not listed here)

Constraints:
————
1. This hotfix can only be installed in place of Endpoint Agent 12.0.1. Also it is to be used with a 12.0.1 server.
2. These files are from the Endpoint Agent 12.0.1 hotfix build 12.0.1101.01001

To Install the Endpoint Agent Hotfix:
—————————————-

1. Find the appropriate Agent to install (in /Endpoint/Win32/ or /Endpoint/x64/)

2. In the Software Distribution package give the following command line for fresh installation of DLP agent (新安裝的用戶)

msiexec /i AgentInstall.msi /q INSTALLDIR="%ProgramFiles%\Manufacturer\Endpoint Agent\" ENDPOINTSERVER="hostname" PORT="8000″ KEY="" SMC="hostname" SERVICENAME="EDPA" WATCHDOGNAME="WDP"

3. If you want to upgrade agent from 12.0.1 then in software distribution package command line you need to give following (已安裝的用戶)

msiexec /i AgentInstall.msi /q INSTALLDIR=“%ProgramFiles%\Manufacturer\Endpoint Agent\" ENDPOINTSERVER="hostname" PORT="8000″ KEY="" SMC="hostname" SERVICENAME="EDPA" WATCHDOGNAME="WDP" REINSTALL=ALL REINSTALLMODE=vomus