Vontu has seen an issue when an Endpoint Agent was installed on a machine which also had SymantecAV 10.X running. Symantec’s file filter driver SymEvent version 12.5.0 prevents the filter manager, a Microsoft file system driver, from attaching to FAT drives. Since USB keys are formatted using the FAT file system, SymEvent 12.5.0 hinders the Endpoint Agent’s ability to monitor the USB device.

Customers should make sure that they do not have SymEvent 12.5.0 in their environment before deploying DLP Endpoint Agent. Since SymEvent can be upgraded independently, customers should update this version to the most current one available.  As of this writing, the latest version of SymEvent is 12.5.4.  See the following URL for instructions on updating this file:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/1998092408260848