ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Symantec File Share Encryption with DLP and the flex response plug-in

book

Article ID: 226470

calendar_today

Updated On:

Products

Endpoint Encryption Desktop Email Encryption Drive Encryption Encryption Management Server File Share Encryption Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

Symantec File Share Encryption can be integrated into Symantec Data Loss Prevention to ensure files are encrypted when they need to be.  Because File Share Encryption offers a seamless experience to end users on encrypted files, this is an optimal use case to secure files that reside on a CISF fileserver.  The attached document will go over this information.

 

Using the Symantec DLP Flex Response Plug-in with Symantec File Share Encryption can allow for the following functionality:

*DLP detection of sensitive files will trigger the Flex Response Plug-in (flrinst.exe), which then invokes File Share Encryption to encrypt the files.

*Sensitive Files in transit can be automatically encrypted with File Share Encryption that match DLP Prevention detection rules, even when files are not in an encrypted share.

*Files encrypted with Symantec File Share Encryption enforced by the DLP Flex Response Plug-In can still be scanned for sensitive content once encrypted.
See the Symantec Data Loss Prevention Encryption Insight Implementation Guide for more information.

Resolution

Although the version of this document is for version 10.2, the current version of Symantec File Share Encryption concepts are still the same and still apply.  

As of the writing of this document, the current version of Symantec File Share Encryption is 10.5 with Symantec Encryption Management Server 10.5.

  

The location of the File Share Encryption "nsplugin_flexresponse.zip" is in the following directory where Symantec File Share Encryption is installed:

C:\Program Files\PGP Corporation\PGP Desktop

Once extracted, the nsplugin_flexresponse.py script will be used by DLP to perform needed encryption operations. 

 

For information on DLP Integration with Symantec Encryption Management Server, consult the User's Guide for Symantec Encryption Desktop 10.5 under Chapter 11 - Using File Share Encryption", under "Integrating with Symantec Data Loss Prevention".

 

To see the current version of all Symantec Encryption products, see the following article:

156303 - Symantec Encryption Products Current Version Available

Additional Information

Symantec Data Loss Prevention Encryption Insight Implementation Guide 

213405 - Flex Response Plug-in for Symantec Endpoint Encryption Removable Media Encryption

Attachments

1634656673181__pgpNetShare_DLPFlexResponse_1021_implementguide_en.pdf get_app