ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Which is the correct keystore folder for importing TLS certificates for Network Prevent for Email?


Article ID: 208318


Updated On:


Data Loss Prevention Enterprise Suite Data Loss Prevention Enforce Data Loss Prevention Network Prevent for Email


The documentation for importing TLS certificates into one's Network Prevent for Email server keystore suggests the following location for this keystore:


When you install Network Prevent for Email Server, the installer creates an empty keystore file in installdir

c:\Program Files\Symantec\DataLossPrevention\DetectionServer\15.7\Protect\keystore\prevent.ks


This actually is incorrect, and if the keystore file for SMTP Prevent is updated in this location, TLS handshakes will fail to find the certificate assigned.

As a result, connections to the downstream MTA will be dropped as soon as they are established, usually with a simple "Forward connection closed" in the RequestProcessor log.



Release : 15.7

Component :

Symantec™ Data Loss Prevention MTA Integration Guide for Network Prevent for Email (


The correct location of the SMTP Prevent keystore is defined in the "" file on the Detection Server.


#SMTP Prevent keystore
com.vontu.inline_smtp.keystore = /var/Symantec/DataLossPrevention/DetectionServer/15.7/keystore/prevent.ks



#SMTP Prevent keystore
com.vontu.inline_smtp.keystore = C:/ProgramData/Symantec/DataLossPrevention/DetectionServer/15.7/keystore/prevent.ks

Additional Information

Future versions of the above documentation should reflect this change.