Endpoint FlexResponse plug-in generates multiple files and incidents

book

Article ID: 160352

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

If an Endpoint FlexResponse plug-in uses code to create a file that contains sensitive data, any USB copy event that triggers the plug-in results in multiple copies of the file, and multiple incidents logged to the Enforce Server administration console.

Resolution

Follow these steps to configure the plug-in host application process (PLGH.EXE) to ignore all types of activity:
  1. Login to the Enforce Server administration console with Administrator privileges.
  2. Select System > Agents > Application Monitoring.
  3. Click Add Application.
  4. Enter the following information in the Application Information fields:
    •  Name (required): Enter PluginHost or any other name for this configuration.
    •  Internal Name: Enter PluginHost\.exe
    •  Original Filename: Enter PluginHost\.exe
  5. Deselect the following items in Application Monitoring Configuration section:
    •  Network Access
    •  Print/Fax
    •  Send to Clipboard
    •  Filesystem Activity
  6. Click Save.

Symantec will release a hotfix for this issue in the near future.