Data Loss Prevention Endpoint PreventData Loss Prevention
Issue/Introduction
You have deployed the DLP endpoint agent to your Mac OS machines and have deployed the required MDM profiles
In your test environment all is working well but, in production, incidents are not being generated for Outlook.
You have verified that the Symantec Outlook Add-in is present in Outlook
You have verified that there is a certificate called 'DLP Endpoint Addin Root Certification Authority' in the Keychain Access application
In the endpoint agent log files, even in FINEST mode, there is no detection attempt registered for Outlook at all when a test file is sent and no SEVERE or WARNING messages.
Environment
Release : 15.7 MP2+,15.8+ , Mac OS
Component : Endpoint, Outlook (16.30+)
Cause
The DLP Endpoint Addin Root Certification Authority that has been deployed in production is the one from the test environment agent package.
Agent certificates are unique to the Enforce server that generated the agent package. Certificates from one environment therefore will not work in another.
Resolution
Ensure that the addin_truststore.pem file from the correct agent package is provided to the MDM profile management team as per Symantec documentation.
This file name corresponds to the entry 'DLP Endpoint Addin Root Certification Authority' which can be seen in the Mac's Keychain Access application under System entries (filter on DLP).
Additional Information
With DLP 16.0 you can now use custom 3rd party certificates. Follow the link here for instructions.