Why does the Chrome DLP plugin require write access?
search cancel

Why does the Chrome DLP plugin require write access?

book

Article ID: 268122

calendar_today

Updated On:

Products

Data Loss Prevention Enterprise Suite

Issue/Introduction

Symantec DLP Chrome browser extension and in this description, it reads that it has read and WRITE access to all your data.

Read access to user input data makes total sense. why does it have write access though?

Environment

Release: 15.8, 16.0

Cause

This is expected behavior

Resolution

Because we hook into the browser, we hook into the DOM "Document Object Model" And we inject scripts into that which do things like allow us to monitor paste, and stop it. That is considered changing your data on a Website.

So let's think of it this way.

Without the agent in the middle, a user would attempt to paste data into the browser.

It would go from the Windows clipboard, into the browser, and the browser would POST that data to the Website.

WITH the agent in the middle

It goes from the Windows clipboard, but when the user hits paste into the browser we hook into the middle of that process and we grab that data.

We then evaluate the data being pasted based on your policies, then as long as there is nothing to make us block the action, then the agent then pastes that data into the browser for it to POST. 

So the agent is the one doing that paste function, not the user or the OS.

So we are indeed changing your data, well at least we have to have the programmatical permission to do so in order to stop it.