What IM channels does the DLP Endpoint Agent monitor?

book

Article ID: 160385

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

You want to know what IM channels or applications does the Endpoint Agent monitor.

Resolution

Data Loss Prevention supports detection on the following IM channels:

■ AIM instant messaging
■ MSN instant messaging
■ Yahoo! Instant messaging

IM monitoring analyzes outgoing messages both on an individual message basis as well as on a session basis. For example, if a user opens a chat session with another person through IM. Endpoint Prevent analyzes each message that the user sends for sensitive information. Each of these messages is analyzed individually. At the same time, Endpoint Prevent analyzes the entire conversation for the sensitive information that may not be apparent from the individual messages. IM messages and files can also be blocked. An IM incident contains information regarding sender, recipient, and the content of the session. Symantec Data Loss Prevention also detects the Yahoo and MSN IM traffic that is tunneled through HTTP.

Endpoint Prevent Agent detects IM data transfers, so for example if a user copies sensitive information from a Word document and paste it in an IM message, Endpoint Prevent blocks the transfer. The blocking occurs because copy and paste functions use the Windows Clipboard. Application File Access Control (AFAC) monitoring lets you monitor third-party applications for IM such as Skype but not the actual conversation. So any application that is not specifically monitored by Symantec Data Loss Prevention must be added to the Application Monitoring page before Symantec Data Loss Prevention can begin monitoring.

If you wish to monitor IM conversations of third-party applications such as Skype you could implement a Network Monitor which will capture and analyze traffic on your network, detecting confidential data, and significant traffic metadata over the IM protocols you specify.