Symantec File Share Encryption with DLP and the flex response plug-in
Article ID: 226470
Updated On:
Products
Issue/Introduction
PGP Encryption Desktop's File Share Encryption can be integrated into Symantec Data Loss Prevention to ensure files are encrypted when they need to be. Because PGP File Share Encryption offers a seamless experience to end users on encrypted files, this is an optimal use case to secure files that reside on a CISF fileserver. The attached document will go over this information.
Using the Symantec DLP Flex Response Plug-in with PGP File Share Encryption can allow for the following functionality:
*DLP detection of sensitive files will trigger the Flex Response Plug-in (flrinst.exe), which then invokes File Share Encryption to encrypt the files.
*Sensitive Files in transit can be automatically encrypted with File Share Encryption that match DLP Prevention detection rules, even when files are not in an encrypted share.
*Files encrypted with PGP File Share Encryption enforced by the DLP Flex Response Plug-In can still be scanned for sensitive content once encrypted.
See the Symantec Data Loss Prevention Encryption Insight Implementation Guide for more information.
Environment
Symantec File Share Encryption 10.5.x, 11.0.x, 11.5
Resolution
Starting with DLP 16.1.00101.60142, the python scripts in the Nsplugin_flexresponse plugin were updated, so new variables should be used.
In the older versions of DLP, the following variables were used (and should be replaced with the new variables for the newer version of Python):
"_winreg" to be replaced with "winreg"
"unicode" to be replaced with "str"
Once these variables are updated in the python script, the normal operations should be restored.
Reach out to Symantec Encryption Support if you are having issues even after updating these variables in the new python script.
With the exception to the above note about the Python variables being updated, the version of this document is for version 10.2, but generally applies to the current version of PGP Encryption Desktop's File Share Encryption solution.
As of the writing of this document, the current version of PGP File Share Encryption is 11.5 with the PGP Encryption Server 11.5.
The location of the File Share Encryption "nsplugin_flexresponse.zip" is in the following directory where PGP File Share Encryption is installed:C:\Program Files\PGP Corporation\PGP Desktop
Once extracted, the nsplugin_flexresponse.py script will be used by DLP to perform needed encryption operations.
To see the current version of all Symantec Encryption products, see the following article:
156303 - Symantec Encryption Products Current Version Available
Additional Information
Symantec Data Loss Prevention Encryption Insight Implementation Guide
213405 - Flex Response Plug-in for Symantec Endpoint Encryption Removable Media Encryption
226470 - Symantec File Share Encryption with DLP and the flex response plug-in
406073 - PGP Encryption Server and Symantec Data Loss Prevention Integration Guide
160675 - DLP Agent Flex Response Plug-in Install and Configuration
Attachments
Feedback
