Endpoint FlexResponse plug-in generates multiple files and incidents
Article ID: 160352
Products
Data Loss Prevention Endpoint Prevent
Issue/Introduction
If an Endpoint FlexResponse plug-in uses code to create a file that contains sensitive data, any USB copy event that triggers the plug-in results in multiple copies of the file and multiple incidents being logged to the Enforce Server administration console.
Resolution
Follow these steps to configure the plug-in host application process (PLGH.EXE) to ignore all types of activity:
1. Log in to the Enforce Server administration console with Administrator privileges.
2. Select System > Agents > Application Monitoring.
3. Click Add Application.
4. Enter the following information in the Application Information fields:
   • Name (required): Enter PluginHost or any other name for this configuration.
   • Internal Name: Enter PluginHost\.exe
   • Original Filename: Enter PluginHost\.exe
5. Deselect the following items in the Application Monitoring Configuration section:
   • Network Access
   • Print/Fax
   • Send to Clipboard
   • Filesystem Activity
6. Click Save.
Symantec will release a hotfix for this issue in the near future.