Against which websites has the Symantec DLP ICAP / Web Prevent been tested ?

book

Article ID: 160474

calendar_today

Updated On:

Products

Data Loss Prevention Network Prevent for Web

Issue/Introduction

Note: Most modern website frameworks support asynchronous communication models ( Ajax , Web 2.0 ). The result is communication between the browser and web framework is chunked or only changes to web objects such as emails or files are communicated back to the web framework. This causes challenges in how web objects can be detected.

 

The tested sites use proprietary web frameworks that can change without notice.

Always keep alternate approaches such as using DLP Endpoint File Access Control ( AFAC ) in mind to increase detection coverage.

 

Very important: This is not a certification. For supported environments and functionality, refer to the System Requirements Guide and the respective product documentation. 

Sites and browsers are tested as part of the normal QA cycle, however, both browser vendors and website operators can, and do, change, fix, and improve their functionality on a regular basis.  Because of this, the current version of a browser or site may not function as expected in the current release of DLP.  It is highly advised that the Endpoint agent be utilized to detect infringing data before it is passed to the browser.

Resolution

 

 

Symantec DLP Web Prevent 12.0 These were tested with Firefox 18 and BlueCoat 6.2.12.1. Testing done April 2013.

 

 

Symantec DLP Web Prevent 12.5 These were tested with Firefox 24 and BlueCoat 6.3.5.1.

 

 

 

 

 

Website

DLP 12.0

DLP 12.5

Blogger

Pass

Pass

LiveJournal

Pass

Pass

MySpace

Pass

Pass

Twitter

Pass

Pass

WordPress

Pass

Not Compatible

YouTube

Pass

Pass

Facebook

Pass

Pass

Gmail

Pass

Pass

Aol Mail

Pass

Pass

LinkedIn

Pass

Pass

Rediffmail

Pass

Pass

Yahoo! Mail

Pass

Pass

Hotmail / Outlook.com (**)(WA3)

Pass

Pass

Outlook eb Access 2010

Pass

Pass

Google Drive (WA1) (*)

Not Compatible

Not Compatible

SkyDrive (WA2)

Not Compatible

Not Compatible

   
     

(*) = eTrack 3444460 ,

(**)  = fails with IE10 only

 

 

Workarounds:

All workarounds will not show the filenames in the incident.

 

(WA1) = Add to config/NonMultipartAttachment.config the following

 

# google

Host == sites.google.com :: URIPATH

 

(WA2) = Add to config/NonMultipartAttachment.config the following

 

# skydrive

Host == users.storage.live.com && BITS-Packet-Type == Fragment :: URIPATH

 

(WA3) = Add to config/NonMultipartAttachment.config the following

 

# outlook.com

Host == mail.live.com && URI == SilverlightAttachmentUploader :: HEADERFIELD: filename

 


Please note: Per RFC 2616 header re-ordering is allowed. Header reordering may occur with Proxies that have the content-length header in the beginning of the object.
See public KB TECH220145 for details and suggestions how to address this scenario.