search cancel

Network Discover Manual Quarantine Failing and the localhost log shows a ShutdownHooks permissions issue

book

Article ID: 173931

calendar_today

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention Network Discover Data Loss Prevention

Issue/Introduction

Manual quarantine and manual release from quarantine Smart Responses (part of the Symantec Data Loss Prevention flex response server plugin) no longer work in 15.5, 15.7. The green banner pops up on the screen saying that the action will take place asynchronously; but, the action never occurs. It is now failing with a permission error mentioning ShutdownHooks in the localhost log. 

The localhost log will show these errors:

Level: SEVERE
Source: com.vontu.incidentresponse.action.invoker.ActionInvoker
Message: (RESPONSE_ACTION.13) FlexResponse Action [Release From Quarantine] failed and threw an exception: ExceptionInInitializerError.
Cause:
java.lang.ExceptionInInitializerErrorjava.lang.ExceptionInInitializerError
at com.symantec.dlpx.flexresponse.quarantine.releasefromquarantine.ReleaseFromQuarantineAction.executeUndoQuarantine(ReleaseFromQuarantineAction.java:94)
at com.symantec.dlpx.flexresponse.quarantine.releasefromquarantine.ReleaseFromQuarantineAction.execute(ReleaseFromQuarantineAction.java:69)
at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:313)
at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:297)
at com.vontu.incidentresponse.action.invoker.ActionInvoker.run(ActionInvoker.java:171)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "shutdownHooks")
at com.symantec.dlpx.flexresponse.quarantine.shared.QuarantineUtilities.<clinit>(QuarantineUtilities.java:79)
... 8 more

Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "shutdownHooks")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.Runtime.addShutdownHook(Runtime.java:209)
at jcifs.context.AbstractCIFSContext.<init>(AbstractCIFSContext.java:44)
at jcifs.context.BaseContext.<init>(BaseContext.java:69)
at com.symantec.dlpx.flexresponse.quarantine.shared.QuarantineUtilities.<clinit>(QuarantineUtilities.java:67)
... 8 more

java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "shutdownHooks")java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "shutdownHooks")
at com.symantec.dlpx.flexresponse.quarantine.shared.QuarantineUtilities.<clinit>(QuarantineUtilities.java:79)
at com.symantec.dlpx.flexresponse.quarantine.releasefromquarantine.ReleaseFromQuarantineAction.executeUndoQuarantine(ReleaseFromQuarantineAction.java:94)
at com.symantec.dlpx.flexresponse.quarantine.releasefromquarantine.ReleaseFromQuarantineAction.execute(ReleaseFromQuarantineAction.java:69)
at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:313)
at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:297)
at com.vontu.incidentresponse.action.invoker.ActionInvoker.run(ActionInvoker.java:171)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "shutdownHooks")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.Runtime.addShutdownHook(Runtime.java:209)
at jcifs.context.AbstractCIFSContext.<init>(AbstractCIFSContext.java:44)
at jcifs.context.BaseContext.<init>(BaseContext.java:69)
at com.symantec.dlpx.flexresponse.quarantine.shared.QuarantineUtilities.<clinit>(QuarantineUtilities.java:67)
... 8 more

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "shutdownHooks")java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "shutdownHooks")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.Runtime.addShutdownHook(Runtime.java:209)
at jcifs.context.AbstractCIFSContext.<init>(AbstractCIFSContext.java:44)
at jcifs.context.BaseContext.<init>(BaseContext.java:69)
at com.symantec.dlpx.flexresponse.quarantine.shared.QuarantineUtilities.<clinit>(QuarantineUtilities.java:67)
at com.symantec.dlpx.flexresponse.quarantine.releasefromquarantine.ReleaseFromQuarantineAction.executeUndoQuarantine(ReleaseFromQuarantineAction.java:94)
at com.symantec.dlpx.flexresponse.quarantine.releasefromquarantine.ReleaseFromQuarantineAction.execute(ReleaseFromQuarantineAction.java:69)
at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:313)
at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:297)
at com.vontu.incidentresponse.action.invoker.ActionInvoker.run(ActionInvoker.java:171)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
SEVERE 
[com.vontu.incidentresponse.action.invoker.ActionInvoker] The plugin action raised an exception.
Cause:
java.lang.NoClassDefFoundError: Could not initialize class 
com.symantec.dlpx.flexresponse.quarantine.shared.QuarantineUtilitiesjava.lang.NoClassDefFoundError: Could not initialize class 
com.symantec.dlpx.flexresponse.quarantine.shared.QuarantineUtilities
 at com.symantec.dlpx.flexresponse.quarantine.releasefromquarantine.ReleaseFromQuarantineAction.executeUndoQuarantine(ReleaseFromQuarantineAction.java:94)
 at com.symantec.dlpx.flexresponse.quarantine.releasefromquarantine.ReleaseFromQuarantineAction.execute(ReleaseFromQuarantineAction.java:69)
 at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:313)
 at com.vontu.incidentresponse.action.invoker.ActionInvoker.invokeActionAndPersistResults(ActionInvoker.java:297)
 at com.vontu.incidentresponse.action.invoker.ActionInvoker.run(ActionInvoker.java:171)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "shutdownHooks")

Cause

java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "shutdownHooks") needs that permission in manager.policy. 

Resolution

  1. Take a backup of: \Symantec\DataLossPrevention\EnforceServer\15.5\Protect\config\manager.policy
  2. Edit: \Symantec\DataLossPrevention\EnforceServer\15.5\Protect\config\manager.policy
  3. Search for “jcifs.smb.SmbFile”, you should find 2 matches like this:
     // jcifs.smb.SmbFile

    permission java.net.NetPermission "specifyStreamHandler";
  4. Add a new line below the "permission java.net.NetPermission "specifyStreamHandler";" for both locations. 
  5. ADD:
    permission java.lang.RuntimePermission "shutdownHooks";
  6. The final file should look like: 
     // jcifs.smb.SmbFile

    permission java.net.NetPermission "specifyStreamHandler";
    permission java.lang.RuntimePermission "shutdownHooks";
  7. Stop Incident Persister Service, then the Manager Service
  8. Start the Manager Service, then Incident Persister Service