How to configure Symantec AV10.x to allow the Vontu Endpoint Agent to monitor USB devices

book

Article ID: 159483

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Discover

Issue/Introduction

In its default setting, Symantec AV 10.X prevents the Vontu Endpoint Agent from monitoring USB devices. A configuration change needs to be made to AV 10.X so the Endpoint Agent can monitor USB devices.

Resolution

Vontu has seen an issue when an Endpoint Agent was installed on a machine which also had SymantecAV 10.X running. Symantec’s file filter driver SymEvent version 12.5.0 prevents the filter manager, a Microsoft file system driver, from attaching to FAT drives. Since USB keys are formatted using the FAT file system, SymEvent 12.5.0 hinders the Endpoint Agent’s ability to monitor the USB device.

Customers should make sure that they do not have SymEvent 12.5.0 in their environment before deploying DLP Endpoint Agent. Since SymEvent can be upgraded independently, customers should update this version to the most current one available.  As of this writing, the latest version of SymEvent is 12.5.4.  See the following URL for instructions on updating this file:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/1998092408260848