ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to configure Symantec AV10.x to allow the Vontu Endpoint Agent to monitor USB devices

book

Article ID: 159483

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Discover

Issue/Introduction

In its default setting, Symantec AV 10.X prevents the Vontu Endpoint Agent from monitoring USB devices. A configuration change needs to be made to AV 10.X so the Endpoint Agent can monitor USB devices.

Resolution

Vontu has seen an issue when an Endpoint Agent was installed on a machine which also had SymantecAV 10.X running. Symantec’s file filter driver SymEvent version 12.5.0 prevents the filter manager, a Microsoft file system driver, from attaching to FAT drives. Since USB keys are formatted using the FAT file system, SymEvent 12.5.0 hinders the Endpoint Agent’s ability to monitor the USB device.

Customers should make sure that they do not have SymEvent 12.5.0 in their environment before deploying DLP Endpoint Agent. Since SymEvent can be upgraded independently, customers should update this version to the most current one available.  As of this writing, the latest version of SymEvent is 12.5.4.  See the following URL for instructions on updating this file:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/1998092408260848


Powered by Wolken Software