Cisco Security Agent is incompatible with DLP Endpoint Agent

book

Article ID: 159909

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Discover

Issue/Introduction

Symantec Data Loss Prevention (DLP) Endpoint Agent

  • The DLP Endpoint Agent Clipboard Monitoring and Print Monitoring functions do not work when the Cisco Security Agent v6.0 is installed on the system.
  • The Cisco CSA agent process, CUI.exe crashes
  • The DLP agent does not function properly.

Cause

The DLP Endpoint agent and the CSA agent use the same detouring mechanism to intercept API calls and are not compatible.

Resolution

Exclude the DLP agent from the Cisco CSA agent. 

Note: If further assistance is needed with the following steps, please contact the Cisco CSA agent vendor.

1. Launch CSA console.
2. From the drop-down menu select, Configuration->Application->Application Classes.
3. Select Administrator Defined - White List Application.
4. In the group box window titled - "Add process to application class" select the variable "$Administrator defined - White List files [V6.0 r205]". Note: double-clicking it launches a new window.
5. In the group box window titled - "Configuration" go to "Directory matching" enter "@program_files**ManufacturerEndpoint Agent*". Where @program_files is a variable which would be expanded to the program files path. (This variable should be the path where the DLP Agent is installed.)
6. Under files matching enter the name of the .exe files to be excluded.
7. Click Save.
8. Click Generate Rules->Generate. (This step pushes the configuration to the CSA Agent.)

Note: The Cisco CSA Agent may need to be white listed within DLP. Contact the CSA agent vendor for a list of directories and files that need to be excluded. Then refer to the article (How to white list or exclude an application from DLP Endpoint agents).