How to use filter.exe to determine if a message was parsed correctly

Article ID: 160007


Products

Data Loss Prevention Enforce

Issue/Introduction

You suspect that a policy is producing false negatives (missing messages that should have been detected), and you want to examine a piece of content to confirm that it is being detected correctly.

Resolution

False negatives occur when messages that should have created an event are sent, but no event is created. As a first step in troubleshooting a false negative, find the cracked text of the input document.

To find the cracked text of the input document: 

From a command prompt, change directory to the Vontu product tree:

Find the program called “filter.”

  • For v12.x:
    • Windows: C:\SymantecDLP\Protect\plugins\contentextraction\Verity\x64
    • Linux: /opt/SymantecDLP/Protect/plugins/contentextraction/Verity/x86_64
  • For v15.1.x:
    • Windows: C:\Program Files\Symantec\Data Loss Prevention\KeyView\11.4\Protect\plugins\contentextraction\Verity\X64
    • Linux: /opt/Symantec/Data Loss Prevention/KeyView/11.4/Protect/plugins/contentextraction/Verity/x86_64
  • For v15.5.x:
    • Windows: C:\Program Files\Symantec\DataLossPrevention\KeyView\11.6\Protect\plugins\contentextraction\Verity\X64
    • Linux: /opt/Symantec/DataLossPrevention/KeyView/11.6/Protect/plugins/contentextraction/Verity/x86_64
  • For v15.7.x:
    • Windows: C:\Program Files\Symantec\DataLossPrevention\KeyView\12.2\Protect\plugins\contentextraction\Verity\X64
    • Linux: /opt/Symantec/DataLossPrevention/KeyView/12.2/Protect/plugins/contentextraction/Verity/x86_64
  1. Type: filter <name of input file> <name of output file>
  2. The output file contains the cracked text of the input document. There might be some differences between how the application is called and how the default options of the filter crack the text.
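
Once the cracked text exists, the terms the policy is expected to match can be checked against it. The script below is an added example, not part of the original article or the product: it runs the command from step 1 and reports whether each term survived extraction intact. The script name, function names, the UTF-8 read of the output file, and the sample terms are assumptions.

```python
import re
import subprocess
import sys
from pathlib import Path


def crack(filter_path, src, dst):
    """Run `filter <input> <output>` (step 1) and return the cracked text."""
    proc = subprocess.run([filter_path, src, dst], capture_output=True, text=True)
    out = Path(dst)
    if not out.is_file() or out.stat().st_size == 0:
        # Surface whatever the tool printed (e.g. an "Error code" message).
        raise RuntimeError(f"no cracked text written:\n{proc.stdout}{proc.stderr}")
    # Assumption: read the output as UTF-8; undecodable bytes are replaced.
    return out.read_text(encoding="utf-8", errors="replace")


def _squash(s):
    """Lower-case and drop every non-alphanumeric character."""
    return re.sub(r"[^0-9a-z]+", "", s.lower())


def check_terms(cracked, terms):
    """Classify each expected term against the cracked text.

    exact  - present as typed (case-insensitive)
    split  - present only when whitespace/punctuation is ignored, which
             suggests extraction broke the term apart (heuristic)
    absent - not found in the cracked text at all
    """
    lowered, squashed = cracked.lower(), _squash(cracked)
    result = {}
    for term in terms:
        if term.lower() in lowered:
            result[term] = "exact"
        elif _squash(term) and _squash(term) in squashed:
            result[term] = "split"
        else:
            result[term] = "absent"
    return result


if __name__ == "__main__":
    if len(sys.argv) < 5:
        sys.exit("usage: check_crack.py <filter path> <input> <output> <term>...")
    text = crack(*sys.argv[1:4])
    for term, status in check_terms(text, sys.argv[4:]).items():
        print(f"{status:7} {term}")
```

A term reported as "split" or "absent" points at content extraction rather than the policy rule as the place to look for the false negative.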


Additional Information

Note: If you get the following error, try adding the file extension to the input file name.

Description: Could not filter file because the input file could not be found.
Error code: 24.

Example: C:\Program Files\Symantec\DataLossPrevention\KeyView\12.2\Protect\plugins\contentextraction\Verity\x64>filter C:\Users\Administrator\Desktop\testfile.pdf output.txt