As per the Symantec™ Data Loss Prevention Detection Customization Guide, enabling advanced functions requires setting the system property "genieScript.ADVANCED_FUNCTION_ENABLED.str" to true.
Without it, you will not be able to use the Execute, Print and ReadFile functions in your custom scripts.
Release: All supported versions of DLP (15.x-16.x)
The system property has to be enabled on Enforce and all Detection servers.
On the Enforce Server:
1. Go to X:\Program Files\Symantec\DataLossPrevention\EnforceServer\Services (Windows) or /opt/Symantec/DataLossPrevention/EnforceServer/Services (Linux)
2. Open SymantecDLPManager.conf and add the line below under the existing additional 202 setting:
wrapper.java.additional.203 = -DgenieScript.ADVANCED_FUNCTION_ENABLED.str=true
3. Save the file and restart the DLP Enforce services.
On each of the Detection Servers:
1. Go to the Enforce console, click on the Detection Server and go to Server Settings.
2. Add the following:
-DgenieScript.ADVANCED_FUNCTION_ENABLED.str=true
at the end of the already existing BoxMonitor.FileReaderMemory settings, e.g.:
-Xrs -Xms1200M -Xmx4G -DgenieScript.ADVANCED_FUNCTION_ENABLED.str=true
3. Save the settings and recycle the DLP service on the Detection Server.
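One way to confirm the change on both server types, as an added example that is not part of the original article or of Symantec's tooling: the Python script below reads the text of SymantecDLPManager.conf and a BoxMonitor.FileReaderMemory value and reports whether the property is set to true. The function names, the sample file contents and the placeholder properties are assumptions made for illustration; a reused wrapper.java.additional index is flagged so that it can be renumbered.

```python
import re

PROP = "genieScript.ADVANCED_FUNCTION_ENABLED.str"
ADDITIONAL = re.compile(r"^\s*wrapper\.java\.additional\.(\d+)\s*=\s*(.*\S)\s*$")
PROP_ARG = re.compile(r"(?:^|\s)-D" + re.escape(PROP) + r"=(\S+)")


def jvm_args_enable(args):
    """True if a JVM argument string sets the property to true.

    Works for one wrapper.java.additional value or for the whole
    BoxMonitor.FileReaderMemory setting of a Detection Server.
    """
    values = PROP_ARG.findall(args)
    # If the option is repeated, judge by the last occurrence.
    return bool(values) and values[-1].strip('"').lower() == "true"


def audit_manager_conf(text):
    """Report where SymantecDLPManager.conf enables the property."""
    entries = []  # (index, value) for every active additional.N line
    for line in text.splitlines():
        if line.lstrip().startswith("#"):  # commented-out line
            continue
        m = ADDITIONAL.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2)))
    indexes = [i for i, _ in entries]
    return {
        "enabled_at": [i for i, v in entries if jvm_args_enable(v)],
        # An index used twice means two lines claim the same slot.
        "duplicate_indexes": sorted({i for i in indexes if indexes.count(i) > 1}),
    }


# Constructed sample input, not taken from a real server.
SAMPLE_CONF = """\
wrapper.java.additional.201 = -Dexample.placeholder.a=1
wrapper.java.additional.202 = -Dexample.placeholder.b=2
#wrapper.java.additional.203 = -DgenieScript.ADVANCED_FUNCTION_ENABLED.str=false
wrapper.java.additional.203 = -DgenieScript.ADVANCED_FUNCTION_ENABLED.str=true
"""
SAMPLE_FILE_READER_MEMORY = "-Xrs -Xms1200M -Xmx4G -DgenieScript.ADVANCED_FUNCTION_ENABLED.str=true"

if __name__ == "__main__":
    print(audit_manager_conf(SAMPLE_CONF))
    print(jvm_args_enable(SAMPLE_FILE_READER_MEMORY))
```

Because the property unlocks Execute and ReadFile in custom scripts, the same check can be run periodically to confirm it is enabled only on the servers where it is intended.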
NOTE: This Advanced Scripting option is NOT compatible with the DLP Cloud Service.
DLP policy conditions that contain advanced scripts will be ignored and evaluated to FALSE on the DLP Cloud Service.