PGP NetShare FlexResponse Plug-In for Data Loss Prevention


PGP NetShare FlexResponse Plug-In for Data Loss Prevention Implementation Guide 10.2

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Version 10.2.1. Last updated: April 2012.

Legal Notice

Copyright (c) 2012 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, PGP, Pretty Good Privacy, and the PGP logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
Symantec Home Page (http://www.symantec.com)

Printed in the United States of America.

Contents

Introducing the PGP NetShare FlexResponse Plug-In
    Overview
    Audience and Scope
Installing the PGP NetShare FlexResponse Plug-In
    Requirements
    How to Install the PGP NetShare FlexResponse Plug-In
Configuring the PGP NetShare FlexResponse Plug-In
    Configuring Symantec Data Loss Prevention
    Configuration Steps Summary
Uninstalling the PGP NetShare FlexResponse Plug-In

1 Introducing the PGP NetShare FlexResponse Plug-In

The PGP NetShare FlexResponse Plug-In for Data Loss Prevention automatically encrypts sensitive files without end-user intervention.

In This Chapter
- Overview
- Audience and Scope

Overview

The PGP NetShare FlexResponse Plug-In for Data Loss Prevention integrates the detection and enforcement capabilities of Symantec Data Loss Prevention with the encryption features of PGP NetShare. The integrated products interact as follows:

1. The Symantec Data Loss Prevention administrator defines organizational policies with rules that define file sensitivity and responsive actions. Sensitive files can be in transit (downloaded from or uploaded to the network by a user, or copied, moved, or saved on a user's computer) or stored locally on a user's computer.
2. Symantec Data Loss Prevention determines that a file conforms to the Symantec Data Loss Prevention detection rule.
3. Symantec Data Loss Prevention performs the action specified in its response rule, which is to execute the PGP NetShare FlexResponse Plug-In.
4. The PGP NetShare FlexResponse Plug-In attempts to encrypt the file with the provided encryption credentials:
   - The file is encrypted if the keys provided can be resolved locally or by connecting with the PGP Universal Server, if necessary.
   - The file is not encrypted if the encryption keys cannot be resolved.

Audience and Scope

This guide is written for the Symantec Data Loss Prevention administrator. The administrator configures the Symantec Data Loss Prevention product to work with PGP NetShare by defining policies, detection rules, and response rules that include actions, conditions, and parameters.

Detailed information on how to use the Symantec Data Loss Prevention product can be found in these documents:

- Symantec Data Loss Prevention Installation Guide for Windows, version 11.1 or 11.5
- Symantec Data Loss Prevention Administration Guide, version 11.1 or 11.5

A large part of the administrator's job is to define parameters that consist of roles (the level of accessibility to the encrypted file) and their associated encryption credentials. Even if the Symantec Data Loss Prevention administrator is not also the PGP administrator, the Data Loss Prevention administrator must understand the key concepts and terminology used in the PGP products, to effectively define Symantec Data Loss Prevention policies and rules. PGP product information can be found in these documents:

- PGP Universal Server Installation Guide, version 3.2.1
- PGP Universal Server Administrator's Guide, version 3.2.1
- PGP Desktop for Windows User's Guide, version 10.2.1
- PGP NetShare Quick Start Guide, version 10.2.1

The scope of this guide is to define only the areas where the two products intersect. This guide contains a summary of the steps required for policy and rule configuration. A section with definitions and best practices explains the advantages for choosing specific settings; a table lists the syntax for entering response rule parameters.

2 Installing the PGP NetShare FlexResponse Plug-In

This section provides information on the requirements and installation procedure. The products may be installed in any sequence.

In This Chapter
- Requirements
- How to Install the PGP NetShare FlexResponse Plug-In

Requirements

Required Products

Before the PGP NetShare FlexResponse Plug-In can be used, the following products must be purchased and installed.

Table 2.1 Required Products, Versions, and Product Components

Product Name: PGP Universal Server
Version: 3.2.1

Product Name: PGP Desktop for Windows
Version: 10.2.1
Components: With licensed PGP NetShare running in a PGP Universal Server managed users environment

Product Name: Symantec Data Loss Prevention Endpoint Prevent; Symantec Data Loss Prevention Standard
Version: 11.1.x, 11.5.x
Components: Enforce Server, Endpoint Server, Endpoint Agents

Additional Component

Before you begin, make sure you have the following additional component. If you don't have it, contact your sales representative.

Table 2.2 Required Additional Component

Component Name: Endpoint FlexResponse utility
File Name: flrinst.exe

How to Install the PGP NetShare FlexResponse Plug-In

To install the PGP NetShare FlexResponse Plug-In, complete the following steps, shown in summary form below. Start by reviewing the steps, then go to the appropriate guide for details:

- For step 1, refer to the Symantec Data Loss Prevention Installation Guide.
- For steps 2 and 3, refer to the Symantec Data Loss Prevention Administration Guide.
- For step 4, refer to one or more of these guides:
  - PGP Universal Server Administrator's Guide
  - PGP Desktop for Windows User's Guide
  - PGP NetShare Quick Start Guide

To install the PGP NetShare FlexResponse Plug-In

1. Install a Symantec DLP Agent on each endpoint.
2. Locate the folder in which the Symantec DLP Agent was installed. By default, the path is C:\Program Files\Manufacturer\Endpoint Agent\.
3. Place the Endpoint FlexResponse utility (flrinst.exe) in the Symantec DLP Agent installation directory.
4. Make sure PGP Desktop for Windows, version 10.2.1, is installed in this directory: C:\Program Files\PGP Corporation\PGP Desktop\. The settings should support:
   - The PGP NetShare feature enabled
   - Server Key Mode, where the PGP Universal Server manages the encryption keys
   - Managed users, where PGP Desktop software settings and policies are preconfigured by the PGP administrator
   The PGP NetShare FlexResponse Plug-In (nsplugin_flexresponse.zip) is located in the PGP Desktop installation directory.
5. (optional) Copy the PGP NetShare FlexResponse Plug-In to the Symantec DLP Agent installation directory.
6. With administrator privileges, navigate to the flrinst.exe file, using either a command prompt window or a batch script.
7. From your command prompt or batch script, issue the following command:

       flrinst.exe -op=install -package=[path\]nsplugin_flexresponse.zip -p=<password>

   The path is needed if the ZIP file resides in a location other than the Symantec DLP Agent installation directory.

   Note: The -p command is required if you are using Data Loss Prevention version 11.1.1 or later.
8. Remove the flrinst.exe file from the endpoint.

   Tip: The removal of the Endpoint FlexResponse utility is a best practice to prevent end users from tampering with and circumventing Symantec Data Loss Prevention endpoint security policies.

3 Configuring the PGP NetShare FlexResponse Plug-In

No configuration of the PGP NetShare product is required in order to work with the PGP NetShare FlexResponse Plug-In. When PGP Desktop for Windows, version 10.2.1, is installed on a client, the PGP NetShare FlexResponse Plug-In is in the installation folder. Once you deploy the PGP NetShare FlexResponse Plug-In, the integration is complete and ready for you to configure Symantec Data Loss Prevention.

In This Chapter
- Configuring Symantec Data Loss Prevention

Configuring Symantec Data Loss Prevention

You must configure Symantec Data Loss Prevention to work with the PGP NetShare FlexResponse Plug-In, using the console on Symantec Data Loss Prevention Endpoint Protect or Symantec Data Loss Prevention Standard. You will be setting policies and detection rules, and defining response rules that specify conditions, actions, and parameters.

Review the steps in Configuration Steps Summary. These high-level steps specify any field values required or recommended for the PGP NetShare integrated functionality; however, you must refer to the Symantec Data Loss Prevention Administration Guide for details on using the server console interface.

Configuration Steps Summary

To configure Data Loss Prevention

1. Enable Endpoint FlexResponse.
2. Configure the DLP Agent. To do this, under System > Agents > Agent Configuration, for Agent Monitoring:
   - Under Destinations, select Local Drive.
   - Under Network Shares, select Copy to local drive and Copy to share.
3. Create or edit a policy and then add a detection rule to the policy that identifies the files that should be encrypted.

   Note: The PGP administrator may identify for PGP NetShare the files for which encryption is prevented (blacklisted) or forced (whitelisted). If you identify files for detection that are also on a blacklist or whitelist, the precedence for encryption/non-encryption is: 1) blacklist, 2) Data Loss Prevention detection rule, 3) whitelist. For details on blacklists and whitelists, refer to the PGP Universal Server Administrator's Guide.

4. Create and Configure a Response Rule: Define Conditions, Actions, and Parameters. For the rule type, select Automated Response.
5. Examples of how to set the Conditions follow:
   - For data in transit, set the Conditions like this:
     - Select Protocol or Endpoint Monitoring.
     - Select Is Any Of.
     - Select Endpoint Copy to Network Share and Endpoint Local Drive.
   - For stored data, set the Conditions like this:
     - Select Incident Type.
     - Select Is Any Of.
     - Select Discover.
   - For data in transit as well as stored data, set the Conditions like this:
     - Select Protocol or Endpoint Monitoring.
     - Select Is None Of.
     - Select Removable Storage Endpoint Device.

   Note: Another option is that if you have only one FlexResponse Plug-In, do not set any Conditions. Data in transit is monitored and stored data is discovered. Be sure to specify Actions and Parameters, however.
6. Set the Actions. To do this:
   - For the action type, choose Endpoint FlexResponse, then click Add Action.
   - In the Python Plugin box, type nsplugin_flexresponse. When you enter the plug-in name, ensure that your entry is all lowercase and does not include the file name extension. For example, if the plug-in file name is nsplugin_flexresponse.zip, remove the .zip file extension.
7. Define one or more Parameters. Each encryption Key/Value pair constitutes one parameter. The key(s) are used by the PGP NetShare FlexResponse Plug-In to encrypt the PGP NetShare symmetric key of a file identified by a Data Loss Prevention policy as sensitive.
   - Before defining Key/Value pairs, read the definition of terms and best practices by referring to Understanding Parameters: Key/Value Pairs. When you are ready to enter them, refer to Setting Parameters: Key/Value Pairs for proper syntax.
   - Add one or more Key/Value pair parameters.

   Note: The Key/Value pairs are not validated against the PGP Universal Server keys when added; they are validated/resolved at the time of attempted encryption.
8. Save the rule, give it a meaningful name and optional useful description.
9. Add the response rule to the policy.

Note: Once data is encrypted by the NetShare FlexResponse Plug-In in accord with the current policy, if that policy is modified (that is, the encryption access control list changes), the files that are already encrypted will not be modified to use the new policy. Only newly encrypted files will be affected. Refer to Best Practices for Setting Key/Value Pairs for the recommendation to use Group Keys in addition to a local_user to encrypt files. This practice will help you address access changes to previously encrypted files.

Understanding Parameters: Key/Value Pairs

For each Response Rule parameter, you define a user role, identified as Key in the Data Loss Prevention console interface, coupled with encryption credentials, identified as Value. (Note that the Data Loss Prevention console's fields Key/Value correspond to PGP NetShare's concepts of Role/Key.)

Key/Value pairs allow you:

- To define the role (access relationship) you would like a user or group to have to a sensitive file, and
- To specify the encryption credentials of one or more users or groups who would have such access.

Roles ("Key" field)

The three types of roles you can assign to users in the Key field are described below briefly. For an in-depth explanation of these roles, refer to the PGP Desktop for Windows User's Guide.

- Admin: The owner of the protected file. The Admin can add and remove users to the Access Control List. The Admin has full read/write access to the protected file. A file must have an Admin. There can be only one Admin.
- Group Admin: An administrator of the protected file. The Group Admin can add and remove users. There can be multiple Group Admins. A Group Admin has full read/write access to the protected file.
- User: One of a potential set of users allowed access to the protected file. Although the file is encrypted to a user's key, the user cannot decrypt the file. A User has full read/write access to the protected file.

Setting Parameters: Key/Value Pairs

The following table lists the syntax and behavior of Key/Value pairs. For additional information, see Best Practices for Setting Key/Value Pairs.

Table 3.1: Key/Value Pairs: Syntax and Behavior

Key: admin
Value: A single key, or multiple keys, separated by semicolons*
Behavior:
- One key value is used to encrypt.
- If multiple keys are specified: keys are scanned left to right, and the first key resolved is used.
- If Value is not specified, the configuration is invalid.
- If Value is specified but cannot be resolved, encryption fails.
- Role granted: admin
- This parameter is required.

Key: group_admin
Value: 1 through n keys, separated by semicolons*
Behavior:
- If multiple keys are specified: all resolved key values are used. If one or more keys cannot be resolved, the remaining resolved keys are used.
- If the group_admin key is not resolved, it is ignored.
- Role granted: group admin
- This parameter is optional.

Key: user
Value: 1 through n keys, separated by semicolons*
Behavior:
- If multiple keys are specified: all resolved key values are used. If one or more keys cannot be resolved, the remaining resolved keys are used.
- If the user key is not resolved, it is ignored.
- Role granted: user
- This parameter is optional.

Key: discovery_key
Value: 1 through n keys, separated by semicolons
Behavior:
- This key is required for stored data discovery.
- This list of keys will be substituted for the local_user value, if local_user is specified in Value for admin, group_admin, or user.
- Role granted: Assumes the role of admin, group admin, or user, depending on where the substitution occurs.

*Value can be the literal local_user; the Key ID or Key Name for an end user, a group, or Additional Decryption Key (ADK); and/or an exported Public Key. (For more information on using public keys, see How to Export a Public Key.)

- When used for data-in-transit monitoring, local_user resolves to the key of the authenticated Windows user logged in to the system where the PGP NetShare FlexResponse Plug-In is executing the encryption.
- When used for stored data discovery, local_user resolves to the discovery_key.
- When specifying an ADK for discovering stored files, add the ADK Key ID as part of the discovery_key.
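The resolution rules in Table 3.1, modelled in Python as an added example (this is not the plug-in's code and not from the guide). The function names, the "transit"/"discovery" mode labels, the `resolvable` set and all key IDs are constructed for illustration, and treating a missing discovery_key as a blocking error is an assumption based on the guide calling it required.

```python
"""Model of the Key/Value rules in Table 3.1. Added example, not plug-in code."""

LOCAL_USER = "local_user"
MULTI_ROLES = ("group_admin", "user")  # optional roles: every resolved key is used


def split_keys(value):
    """Split a Value field on semicolons, dropping blanks."""
    return [k.strip() for k in (value or "").split(";") if k.strip()]


def expand(keys, mode, params, logged_in_key):
    """Substitute the literal local_user according to the monitoring mode."""
    out = []
    for key in keys:
        if key != LOCAL_USER:
            out.append(key)
        elif mode == "discovery":
            # Stored data discovery: local_user becomes the discovery_key list.
            out.extend(split_keys(params.get("discovery_key")))
        elif logged_in_key:
            # Data in transit: local_user is the logged-in Windows user's key.
            out.append(logged_in_key)
    return out


def plan_encryption(params, mode, resolvable, logged_in_key=None):
    """Return (ok, acl, problems) for one response rule's parameters.

    params        -- dict of Key -> Value as typed into the response rule
    mode          -- "transit" or "discovery" (hypothetical labels)
    resolvable    -- set of key identifiers that resolve; a constructed stand-in
                     for the local keyring / PGP Universal Server lookup
    logged_in_key -- key of the authenticated Windows user, if any
    """
    acl = {"admin": None, "group_admin": [], "user": []}
    problems = []

    admin_keys = split_keys(params.get("admin"))
    if not admin_keys:
        return False, acl, ["admin has no Value: configuration is invalid"]

    missing_discovery = (mode == "discovery"
                         and not split_keys(params.get("discovery_key")))
    if missing_discovery:
        # Assumption: treated as blocking because the guide calls it required.
        problems.append("discovery_key is required for stored data discovery")

    # admin: keys are scanned left to right and the first resolved key is used.
    for key in expand(admin_keys, mode, params, logged_in_key):
        if key in resolvable:
            acl["admin"] = key
            break
    if acl["admin"] is None:
        problems.append("no admin key resolved: encryption fails")

    # group_admin / user: keep every resolved key, ignore the rest.
    for role in MULTI_ROLES:
        for key in expand(split_keys(params.get(role)), mode, params, logged_in_key):
            if key not in resolvable:
                problems.append(f"{role} key {key} not resolved: ignored")
            elif key not in acl[role]:
                acl[role].append(key)

    ok = acl["admin"] is not None and not missing_discovery
    return ok, acl, problems


if __name__ == "__main__":
    # Constructed key IDs; none come from the guide.
    known = {"0xA1000001", "0xB2000002", "0xADC00003"}
    print(plan_encryption({"admin": "local_user", "user": "0xB2000002;0xDEAD0000"},
                          "transit", known, logged_in_key="0xA1000001"))
    print(plan_encryption({"admin": "local_user",
                           "discovery_key": "0xFFFF0000;0xADC00003"},
                          "discovery", known))
```

Running a planned parameter set through a model like this before saving the response rule surfaces a missing admin or discovery_key early, since the console does not validate Key/Value pairs until encryption is attempted.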

Best Practices for Setting Key/Value Pairs

For a detailed description of all key concepts, see the PGP Universal Server Administrator's Guide and the PGP Desktop for Windows User's Guide.

Best practices recommended as you set the Key/Value pair Response Rule parameters follow:

- For the majority of your data-in-transit parameters, simply define one Key/Value pair as admin=local_user. The benefits of using this configuration are:
  - Allowing the user of the data to continue to have access while protecting the data from those who do not require access,
  - Executing encryption quickly: a local user is by definition logged on to Windows on the endpoint computer. Their credentials are cached and readily available for encryption. No overhead or time delay is involved trying to connect to the PGP Universal Server to resolve the key.
- An alternative way to configure your data-in-transit parameters is to define two Key/Value pairs: admin=local_user and user=<group_key public key>. In this scenario, a sensitive file is made available not only to the primary owner, but also to multiple users who have a common need.
  - Using a group key not only simplifies data entry in the Value field, but it provides a method to change the existing access list for an encrypted file. To change the list of users that a file is encrypted to, have the PGP administrator change the membership of that group. The next time the file is touched, it is re-encrypted to the new access list.
  - Using a public key enables you or the PGP administrator to export the public-key portion of a public/private key pair and paste it directly into the parameter's Value field. By providing this explicit value to the PGP NetShare FlexResponse Plug-In, no overhead or time delay is involved trying to connect to the PGP Universal Server to resolve the key for encryption. To see how to export a public key, see How to Export a Public Key.
- If you do specify individual user keys, be as precise with Key Names as possible to avoid incorrect key resolution. A better option is to use Key ID (or email address), which is always unique.
- For a policy targeted at discovering sensitive stored data, defining two Key/Value pairs is recommended: admin=local_user and discovery_key=<group_key public key>. The discovery_key provides a list of users and/or groups whose credentials will be used to encrypt stored data. If the local user is not available, the discovery_key credentials are substituted so that encryption can proceed.
- Consider specifying an Additional Decryption Key (ADK) in the Value field, in addition to a Group Key or individual keys, or as part of the discovery_key. Using an ADK provides a key that is at the company level and that an administrator can use to decrypt a file, especially if an employee is unavailable or has left the company.

How to Export a Public Key

A public key is half of a public/private encryption key pair. It digitally identifies a user or group with the portion of the encryption key intended for wide distribution.

To export a public key

1. Access the PGP Universal Server administrative interface (or ask the PGP administrator to do so).
2. From this console, navigate to Keys > Managed Keys.
3. From the list of Managed Keys, identify the key in which you are interested and click Export.
4. In the Export Key dialog box, select Export Public Key.
5. Select Export simple character string format. This option removes newline characters.
6. Click Export and save it as a text file to a desired location.

You can now copy and paste the text into the Value field of a Key/Value pair parameter.

4 Uninstalling the PGP NetShare FlexResponse Plug-In

To uninstall the PGP NetShare FlexResponse Plug-In, complete the following steps. Review the following summary of steps, then refer to the Symantec Data Loss Prevention Administration Guide for details.

To uninstall the PGP NetShare FlexResponse Plug-In

1. Locate the folder in which the Symantec DLP Agent was installed. By default, the path is C:\Program Files\Manufacturer\Endpoint Agent\.
2. Place the Endpoint FlexResponse utility (flrinst.exe) in the same directory.
3. Navigate to the flrinst.exe file, using either a command prompt window or batch script.
4. With administrator privileges, from your command prompt window or batch script, issue the following command:

       flrinst.exe -op=uninstall -package=nsplugin_flexresponse.zip -p=<password>

   Note: The -p command is required if you are using Data Loss Prevention version 11.1.1 or later.
5. Remove the flrinst.exe file from the endpoint.