Steps to add and verify new Endpoint policies in DLP

Article ID: 174507

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

Symantec Data Loss Prevention (DLP) Endpoint Prevent

A DLP Administrator wants to apply and verify Endpoint Prevent policies.

Environment

  • 15.8.x
  • 16.0.x

Resolution

How to apply and verify Endpoint Prevent policies.

  1. Create a Policy Group to apply to your Endpoint Prevent servers
    1. Navigate to System > Servers and Detectors > Policy Groups
    2. Click Add
    3. Provide a name and description for this group
    4. Select the Endpoint Server(s) to apply this policy group to
  2. Create a Policy to join the Endpoint Policy Group
    1. Navigate to Manage > Policies > Policy List
    2. Click “New” to generate a new policy or “Import” to import an existing policy
    3. If creating a new policy, choose either to add a blank policy or to add a policy from a template
    4. After you enter a Name, Description, and Policy Label, click the drop-down menu for Policy Group and select the newly created Endpoint Policy group
    5. After configuring the policy, click Save
  3. Confirm your Endpoint Server(s) loaded the Policy Group and Policy
    1. Navigate to System > Servers and Detectors > Overview
    2. Click on an Endpoint Server
    3. In the Configuration box verify your new Policy Group
    4. In All Recent Events, verify that the new policy was loaded
  4. Ensure the policy was pushed to the agent via the Endpoint Event in Enforce
    1. Navigate to System > Agents > Overview
    2. Click the button representing the agent's status (OK, Warning, or Critical)
    3. Filter for the agent you are testing
    4. Click the machine name hyperlink
    5. Find the appropriate "The policy is updated" event in the agent event list
  5. Confirm that an endpoint agent received the new policy
    1. On the endpoint, navigate to C:\Program Files\Manufacturer\Endpoint Agent\ps.ead
    2. The timestamp of this file is updated when a new policy is received
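
The timestamp check in step 5 can be scripted on the endpoint. The following is an added example, not vendor-supplied code: the function name `Wait-DlpPolicyReceived` and its parameters are hypothetical, and the default path is the one given in this article, so adjust it to the agent's actual install directory. It polls `ps.ead` until its last-write time is at or after the time the policy was saved in Enforce, or until a timeout expires.

```powershell
# Added example (not vendor code). Function and parameter names are hypothetical.
function Wait-DlpPolicyReceived {
    [CmdletBinding()]
    param(
        # Time the policy was saved in Enforce, expressed in this endpoint's local time.
        # Allow for clock skew between the Enforce server and the endpoint.
        [Parameter(Mandatory)] [datetime] $PolicySavedAt,
        # Path as written in the article; change it to match the real install directory.
        [string] $Path = 'C:\Program Files\Manufacturer\Endpoint Agent\ps.ead',
        [int] $TimeoutSeconds = 600,
        [int] $PollSeconds = 15
    )

    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ($true) {
        # -Force also returns the file if it is hidden; a missing file yields $null.
        $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
        if ($item -and $item.LastWriteTime -ge $PolicySavedAt) {
            return [pscustomobject]@{
                Received      = $true
                FileFound     = $true
                LastWriteTime = $item.LastWriteTime
                Path          = $item.FullName
            }
        }
        if ((Get-Date) -ge $deadline) { break }
        Start-Sleep -Seconds $PollSeconds
    }

    # Timed out: report whether the file exists and what its stale timestamp is.
    $lastWrite = $null
    if ($item) { $lastWrite = $item.LastWriteTime }
    [pscustomobject]@{
        Received      = $false
        FileFound     = [bool]$item
        LastWriteTime = $lastWrite
        Path          = $Path
    }
}

# Constructed sample call: the timestamp below is a placeholder for the real save time.
# Wait-DlpPolicyReceived -PolicySavedAt '2024-01-01 10:00' -TimeoutSeconds 300
```

A result with `FileFound = $false` points to a wrong path or a missing agent install rather than a delayed policy push; run the check from an elevated session if the agent directory is access-restricted.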