Best practice: DLP Servers with Backup Solutions

Article ID: 170152

Products

Data Loss Prevention

Issue/Introduction

The DLP application reads from and writes to some common directories frequently. If a backup is running on a DLP server, the DLP process may not be able to access those files or folders, and the DLP process may fail. To resolve this issue, exclude these directories from any scheduled or real-time backup of the DLP servers.

Not excluding these folders from the backup could result in corrupted data.

For example, when a backup attempts to back up a file under the scan folder, various Derby database failures can occur because the backup temporarily blocked access to this incremental database, causing the entire target to be scanned again as if it were a full scan.

Resolution

Using the Backup software, locate the area where you can define the directories for backup exclusion, and exclude the following directories from the backup:

For DLP 11.6 through 15.0:

/drop 
/drop_discover
/drop_ep
/drop_pcap
/drop_ttd
/icap_spool
/packet_spool
/SymantecDLP/Protect/incidents
/SymantecDLP/Protect/logs
/SymantecDLP/Protect/temp
/SymantecDLP/Protect/tomcat
/SymantecDLP/Protect/scan
/oracle

For DLP 15.1 and newer:

Enforce Server Specific:
C:\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\logs
C:\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\temp
C:\ProgramData\Symantec\Data Loss Prevention\Server Platform Common\15.1\scan
C:\ProgramData\Symantec\Data Loss Prevention\Server Platform Common\15.1\incidents
C:\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\tomcatTemp
C:\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\tomcatWorkDir
[Drive]:\Program Files\Symantec\Data Loss Prevention\Enforce Server\15.1\Protect\tomcat

Detection Server Specific:
C:\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\drop
C:\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\logs
C:\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\temp
C:\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\scan
C:\ProgramData\Symantec\Data Loss Prevention\Server Platform Common\15.1\incidents
C:\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\spool

Oracle:
[Drive]:\oracle

You must also exclude the local temporary folder of the user that runs the DLP services (usually 'protect').

You can confirm the path by running the following command while logged in as the 'protect' user: echo %TEMP%

Typically the user is named protect, so by default the path is:
C:\Users\protect\AppData\Local\Temp

Note that for Windows Server 2003 and older, the default temp folder would have been:
C:\Documents and Settings\protect\Local Settings\Temp
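
To confirm that the exclusions above actually took effect, a backup job's file list can be checked against them. The following is an added example, not part of the original article or of the product: it assumes the backup software can export its file list as one path per line, and the function name, the sample manifest, and the file names in it are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Detection Server exclusions for DLP 15.1, copied from the list above,
# plus the default %TEMP% folder of the 'protect' user.
BASE = r"C:\ProgramData\Symantec\Data Loss Prevention"
EXCLUDED = [
    BASE + r"\Detection Server\15.1\drop",
    BASE + r"\Detection Server\15.1\logs",
    BASE + r"\Detection Server\15.1\temp",
    BASE + r"\Detection Server\15.1\scan",
    BASE + r"\Server Platform Common\15.1\incidents",
    BASE + r"\Detection Server\15.1\spool",
    r"C:\Users\protect\AppData\Local\Temp",
]

def find_violations(backed_up_paths, excluded=EXCLUDED):
    """Return (path, excluded_dir) pairs for every backed-up path that is
    an excluded directory or lies beneath one."""
    rules = [PureWindowsPath(e) for e in excluded]
    hits = []
    for raw in backed_up_paths:
        p = PureWindowsPath(raw.strip())
        for rule in rules:
            # PureWindowsPath compares case-insensitively and by whole
            # path components, so "...\temp2" does not match "...\temp".
            if p == rule or rule in p.parents:
                hits.append((raw, str(rule)))
                break
    return hits

# Constructed sample of an exported backup file list (not real output).
SAMPLE_MANIFEST = [
    BASE + r"\Detection Server\15.1\keep\example.cfg",
    BASE.lower() + r"\detection server\15.1\SCAN\example.dat",
    BASE + r"\Detection Server\15.1\temp2\a.tmp",
    r"C:\Users\protect\AppData\Local\Temp",
    "C:/ProgramData/Symantec/Data Loss Prevention/"
    "Server Platform Common/15.1/incidents/example.idc",
]

if __name__ == "__main__":
    for path, rule in find_violations(SAMPLE_MANIFEST):
        print(f"backed up despite exclusion: {path}  (rule: {rule})")
```

Any path the script reports means the exclusion for that directory is missing or not being honored by the backup job.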