search cancel

Endpoint FlexResponse plug-in generates multiple files and incidents


Article ID: 160352


Updated On:


Data Loss Prevention Endpoint Prevent


If an Endpoint FlexResponse plug-in uses code to create a file that contains sensitive data, any USB copy event that triggers the plug-in results in multiple copies of the file, and multiple incidents logged to the Enforce Server administration console.


Follow these steps to configure the plug-in host application process (PLGH.EXE) to ignore all types of activity:
  1. Login to the Enforce Server administration console with Administrator privileges.
  2. Select System > Agents > Application Monitoring.
  3. Click Add Application.
  4. Enter the following information in the Application Information fields:
    •  Name (required): Enter PluginHost or any other name for this configuration.
    •  Internal Name: Enter PluginHost\.exe
    •  Original Filename: Enter PluginHost\.exe
  5. Deselect the following items in Application Monitoring Configuration section:
    •  Network Access
    •  Print/Fax
    •  Send to Clipboard
    •  Filesystem Activity
  6. Click Save.

Symantec will release a hotfix for this issue in the near future.