search cancel

Which is the correct keystore folder for importing TLS certificates for Network Prevent for Email?


Article ID: 208318


Updated On:


Data Loss Prevention Enterprise Suite Data Loss Prevention Enforce Data Loss Prevention Network Prevent for Email


A prior version of the documentation for importing TLS certificates into one's Network Prevent for Email server keystore suggested the following location for this keystore:


When you install Network Prevent for Email Server, the installer creates an empty keystore file in installdir

c:\Program Files\Symantec\DataLossPrevention\DetectionServer\15.7\Protect\keystore\prevent.ks


This was actually incorrect, and if the keystore file for SMTP Prevent is updated in this location, TLS handshakes will fail to find the certificate assigned.

As a result, connections to the downstream MTA will be dropped as soon as they are established, usually with a simple "Forward connection closed" in the RequestProcessor log.



Release : 15.7+

Component :

Symantec™ Data Loss Prevention MTA Integration Guide for Network Prevent for Email (


The correct location of the SMTP Prevent keystore is defined in the "" file on the Detection Server.


#SMTP Prevent keystore
com.vontu.inline_smtp.keystore = /var/Symantec/DataLossPrevention/DetectionServer/15.7/keystore/prevent.ks



#SMTP Prevent keystore
com.vontu.inline_smtp.keystore = C:/ProgramData/Symantec/DataLossPrevention/DetectionServer/15.7/keystore/prevent.ks

Additional Information

Current versions of the above documentation already reflect this change - this article is for informational purposes only and will be removed at a future date.