Possible direct URL access to protected page.


Article ID: 184432


Products

Data Loss Prevention Enforce

Issue/Introduction

Certain vulnerability scans sometimes report "Possible direct URL access to protected page" for the following Enforce URLs.

  • /ProtectManager/GlobalDialog?type=NOT_FOUND
  • /ProtectManager/graphics/logo-DLP.ico
  • /ProtectManager/js/globalDialog.js
  • /ProtectManager/js/jquery/jquery-2.1.0.min.js
  • /ProtectManager/js/logon.js

Environment

Vulnerability scan result on the Symantec DLP Enforce console, where the scanner may give the following recommendation:

Recommendation: Ensure that all protected pages contain logic to enforce access controls. Do not simply rely on the absence of a link to a page as a form of protection for that page.

Resolution

These URLs are required to be unprotected and are typically accessed without authentication (i.e. from the Enforce web application's authentication page).

  • /ProtectManager/GlobalDialog?type=NOT_FOUND: This is simply an error redirect for an object that isn't found. Nothing sensitive here.
  • /ProtectManager/graphics/logo-DLP.ico: The logo image is not sensitive.
  • /ProtectManager/js/globalDialog.js: JavaScript code, required for proper functionality, not sensitive.
  • /ProtectManager/js/jquery/jquery-2.1.0.min.js: jQuery JavaScript library, required for proper functionality, not sensitive.
  • /ProtectManager/js/logon.js: JavaScript code, required at the time of authentication, not sensitive.

The JavaScript code at these URLs is required during authentication, so it cannot be protected with access control: the Enforce web application has no context of the user in the pre-authentication stage, and none of these .js scripts is sensitive.

These findings in the vulnerability scan can be marked as false positives. If the scan lists URLs other than those above, please contact Support.
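A small triage helper, added here as an example and not part of the article or the Enforce product: it takes findings recorded from unauthenticated requests (URL, status, content type, redirect target) and sorts them into the article's three outcomes. The allow-list is the five URLs above; the sample findings, the placeholder protected paths and the assumption that a denied request answers 401/403 or redirects to a logon page are constructed for the example.

```python
from urllib.parse import urlsplit

# Pre-auth resources the article lists as intentionally unprotected.
EXPECTED_PUBLIC = {
    "/ProtectManager/GlobalDialog",
    "/ProtectManager/graphics/logo-DLP.ico",
    "/ProtectManager/js/globalDialog.js",
    "/ProtectManager/js/jquery/jquery-2.1.0.min.js",
    "/ProtectManager/js/logon.js",
}
# Content types a static pre-auth resource is expected to carry.
STATIC_TYPES = ("application/javascript", "text/javascript", "image/")


def classify(url, status, content_type=None, location=None):
    """Classify one unauthenticated scanner finding as
    'false-positive' (known pre-auth resource), 'protected'
    (access was denied) or 'escalate' (unknown URL served content)."""
    parts = urlsplit(url)
    ctype = (content_type or "").lower()
    # Assumption: a denied request answers 401/403 or redirects to logon.
    redirected_to_logon = status in (301, 302, 303, 307) and bool(
        location and "logon" in location.lower())
    if status in (401, 403) or redirected_to_logon:
        return "protected"
    if parts.path in EXPECTED_PUBLIC:
        if parts.path.endswith("GlobalDialog"):
            # Only the NOT_FOUND error dialog is expected pre-auth.
            return "false-positive" if "type=NOT_FOUND" in parts.query else "escalate"
        if ctype.startswith(STATIC_TYPES):
            return "false-positive"
    # Anything else that answered without auth goes to Support.
    return "escalate"


def triage(findings):
    """Map each finding's URL to its classification."""
    return {f["url"]: classify(f["url"], f["status"], f.get("content_type"),
                               f.get("location")) for f in findings}


# Constructed sample findings; the two EXAMPLE paths are placeholders.
SAMPLE_FINDINGS = [
    {"url": "/ProtectManager/js/logon.js", "status": 200, "content_type": "application/javascript"},
    {"url": "/ProtectManager/GlobalDialog?type=NOT_FOUND", "status": 200, "content_type": "text/html"},
    {"url": "/ProtectManager/graphics/logo-DLP.ico", "status": 200, "content_type": "image/x-icon"},
    {"url": "/ProtectManager/EXAMPLE-protected-page", "status": 302, "location": "/ProtectManager/logon"},
    {"url": "/ProtectManager/EXAMPLE-unknown-page", "status": 200, "content_type": "text/html"},
]

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_FINDINGS).items():
        print(f"{verdict:15} {url}")
```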