Configuring the Chrome SDK connector for the DLP endpoint agent
search cancel

Configuring the Chrome SDK connector for the DLP endpoint agent

book

Article ID: 371085

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Core Package Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Suite

Issue/Introduction

The Chrome Content Analysis Connector Agent SDK was introduced starting with 16.0 RU1 and is an alternative to the Symantec extension used for Chrome.

Since it is an SDK connector, it requires configuration via a Chrome deployment policy to be enabled on the browser. The connector cannot be enabled by adding a registry configuration like how the extension is deployed. A Chrome Browser Cloud Management account is required for this configuration. 

This is a two-part article, first the Google cloud management setup and then the Symantec DLP configuration.

Environment

Endpoint Agent 16.0 RU1 and later

Resolution

Chrome Browser Cloud Management Setup:

Start with signing in or creating a Google Admin account. There are a few tiers of the Google Workspace or Chrome Enterprise accounts. This is dependent on the needs of the organization. Discuss with a Google representative for those questions. 

In this setup, we would be using the Chrome Enterprise Core tier, which is the no-cost tier. Follow the signup steps using the link below.

Chrome Enterprise Browser Cloud Management - Chrome Enterprise

Once the account is created log into the Google Admin console

Under Chrome browser > Settings

Click 'User & browser settings' and add a 'Category' filter with the value of 'Chrome Enterprise connectors'.

For the setting 'Allow enterprise connectors' make sure 'Allow user to enabled Enterprise Connectors' is selected. Also, follow the prompts to turn on Chrome Enterprise Connectors if seen.

Select 'Edit in legacy view' to enable the following settings. The setting are enabled by clicking the drop-down and selecting 'Symantec Endpoint DLP'.

  • Upload content analysis: Used by Chrome to send the full contents and metadata of files attached to web content for analysis.
  • Bulk text content analysis: Used by Chrome to send the full contents and metadata of clipboard contents pasted on the web for analysis.
  • Print content analysis: Used by Chrome to send the full contents and metadata of printed pages for analysis.

(You can clear the setting filter and add a 'Category' filter with the value of 'Chrome Enterprise connectors' again to get this view)

Click 'Save' on the upper right corner.

The Chrome browser must be enrolled/managed by the same OU for these settings to apply. 

To manage a browser this is done under Chrome browser > Managed browsers

At the top click on 'Enroll' and in this example, we are going to use the .reg file for enrollment.

Run the enroll_in_<id>.reg on the Windows machine. The machine now should appear under managed browsers.

Symantec DLP configuration:

The agents that would be using the SDK connector would have to be in their agent configuration. If there are endpoint agents in the environment that would still be using the Symantec extension, then agent groups would be used to separate those agents.

In System > Agents > Agent Configuration, choose the agent configuration to apply those changes.

Go to the 'Advanced Settings' tab and look for the ContentAnalysisSDK.CHROME_MONITORING.int setting and change the value to '1'.

In the 'Channels' tab, confirm that 'Chrome (HTTPS)' and 'Printer/Fax' (if print monitoring is desired) are enabled for the agent configuration.

Apply the changes to the agent configuration.

Additional Information

Attachments

Symantec Endpoint DLP Setup Guide.pdf get_app
Powered by Wolken Software