Discover scans fail if SMB v1 is disabled

book

Article ID: 171588

calendar_today

Updated On:

Products

Data Loss Prevention Network Discover

Issue/Introduction

DLP (Data Loss Prevention) Discover scans fail to scan a share hosted on Windows 2012 R2 or 2016 if SMB v1 has been disabled.
Quarantine to the Windows servers also fails.

SEVERE: Unknown Error. 
com.vontu.discover.repository.RepositoryException: Unknown Error. 

Cause

If jCIFS is enabled on a Network Discover server, DLP fails to scan files on Windows Server 2012 R2 and Windows Server 2016 systems that do not have SMB v1
enabled.

DLP fails to quarantine files associated with File System incidents to Windows Server 2012 R2 and Windows Server 2016 systems that do not have SMB v1 enabled.

Environment

DLP 14.x and 15.x
DLP Discover servers hosted on Linux, RHEL 6.9, 7, and Windows 2008 R2 Enterprise.

Resolution

Workaround for v15.0 and earlier:

Enable SMB v1 on all Windows Server 2012 R2 and Windows Server 2016 systems that you want to scan using jCIFS, or use as quarantine locations.

Update (May 2018):

There is a hotfix for DLP version 15.0 MP1, which will allow remediation of content on shares via Network Protect, using SMB v2 or SMB v3 using Windows Detection Servers.

Update (January 2019):

The fix for Linux Discover Servers is included in 15.5.
Engineering has created a hot fix for 15.1 MP1 for Linux Discover Servers.
Please contact Support to request the hot fix.