Using application monitoring for Google Chrome

book

Article ID: 178265

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

 

Resolution

In DLP 12.5 and earlier, Symantec Data Loss Prevention does not monitor sensitive information being moved to Google Chrome by default.

DLP 14.0 and later can monitor Google Chrome over the HTTP and HTTPS channels by default. Instead of using the following steps, refer to the Symantec Data Loss Prevention Administration Guide for your release for information on enabling this feature.

You can, however, add Chrome as one of the applications you want Data Loss Prevention to monitor. This article describes how to add and configure application monitoring for Chrome to optimize Data Loss Prevention performance. 

When you set up Application File Access monitoring for Chrome, Symantec recommends that you set DLP to ignore the path where Chrome stores browser-specific information, like cookies, cached files, and plugins. Ignoring this location helps optimize Application Monitoring performance by preventing DLP from monitoring these browser-specific files each time they are accessed.

To use application monitoring for Google Chrome, you complete the following steps:

  1. Add Google Chrome to the Application Monitoring screen.
  2. Configure file path settings.

Adding Google Chrome

Complete the following steps to add Google Chrome to the Application Monitoring screen:

  1. Enter information specific to Google Chrome on the Application Monitoring screen, which includes application name, binary name, and file name.
  2. Set monitoring options, which includes network access, print and fax monitoring, clipboard monitoring, and file system monitoring.
  3. Select Monitor Application File Access to enable application monitoring.

Refer to "Adding an application" in online Help or the Symantec Data Loss Prevention Administration Guide for additional information on this process.

Configuring file path settings

You optimize Google Chrome performance by adding a file path filter to the agent configuration.

Use the following steps to add a file path filter:

  1. Go to the Agent Configuration screen (System > Agents Agent Configuration).
  2. Click the name of an existing configuration to open it, or click Add Configuration.
  3. Locate the Filter by File Properties section on the Agent Monitoring tab.
  4. Click Add Monitoring Filter to display the Configure Server - File Filter screen.
  5. In the Filter Action section, select Ignore (do not monitor).
  6. In the Endpoint Channel section, select Application File Access.
  7. In the File Attributes section, select File Path on Destination.
  8. Enter the following in the File Path on Destination field:
    $LocalAppData$\Google\Chrome\*
  9. Click Save.
  10. Click Save on the Agent Configuration screen to enable your changes.