Steps to add and verify new Endpoint policies in DLP
book
Article ID: 174507
calendar_today
Updated On:
Products
Data Loss Prevention Endpoint Prevent
Issue/Introduction
Symantec Data Loss Prevention (DLP) Endpoint Prevent
A DLP Administrator wants to apply and verify Endpoint Prevent policies.
Resolution
How to apply and verify Endpoint Prevent policies.
- Create a Policy Group to apply to your Endpoint Prevent servers
- Navigate to System > Servers and Detectors > Policy Groups
- Click Add
- Provide a name and description for this group
- Select the Endpoint Server(s) to apply this policy group to
- Create a Policy to join the Endpoint Policy Group
- Navigate to Manage > Policies > Policy List
- Click “New” to generate a new policy or “Import” to import an existing policy
- If creating a new policy choose to either add a blank policy or to add a policy from a template.
- After you enter a Name, Description, and Policy Label, click the drop-down menu for Policy Group and select the newly created Endpoint Policy group
- After configuring the policy click Save
- Confirm your Endpoint Server(s) loaded the Policy Group and Policy
- Navigate to System > Servers and Detectors > Overview
- Click on an Endpoint Server
- In the Configuration box verify your new Policy Group
- In All Recent Events, verify that the new policy was loaded
- Ensure the policy was pushed to the agent via the Endpoint Event in Enforce
- Navigate to System > Agents > Overview
- Click the button representing the agent's status(OK, Warning or Critical)
- Filter for the agent you are testing
- Click the machine name hyperlink
- Find the appropriate, "The policy is updated" event in the agent event list
- Confirm that an endpoint agent received the new policy
- On the endpoint navigate to C:\Program Files\Manufacturer\Endpoint Agent\ps.ead
- The timestamp of this file is updated when a new policy is received
Feedback
thumb_up
Yes
thumb_down
No