I am looking for a capabilities matrix that someone may have completed for SEP 14.x vs Windows Defender. If someone has completed one, could you please upload it to our forum discussion or post a link to where there may be one?
Cutting to the chase here..
I have 3 SEP environments to manage. One is 14.x, the other 2 are 12.1.x, and we are trying to decomm those. On both old servers, I have XP clients that can’t have their OS upgraded due to application support for what they do.
Do I need to install a new SEPM 14 Legacy client to these XP devices, or can I simply send a Comm update and have them report and receive updates from the SEP 14 side with no other client changes?
I had been intercepting SSL traffic, and non-domain computers couldn’t authenticate with IWA authentication. Also, domain users cannot authenticate with Windows SSO. I want to intercept only specific destination addresses; other destinations wouldn’t be intercepted.
1. Domain users received the below error message from the proxy.
2. Non-domain users received the below error message from the proxy.
Proxy layer description:
|Any||Any||Windows sso and PermitAuthenticationError||None|
|Any User Authentication Error||Any||AuthenticateGuest(IWA)||None|
|Any||example.com||http and https||any||Allow||None|
|email@example.com||onlyauth.com||http and https||any||Allow||None|
Looking to get guidance on data discovery scans I would like to perform in a large enterprise environment that is a highly sensitive organization. We are looking at 500+ servers (file and databases) and 3000+ endpoint laptops/desktops. The goal is to discover PII data on these target systems. The goal is to perform discovery scans on the target endpoints while limiting the network impact and impact on the target systems.
Currently I am stuck between using IDM and EMDI and trying to understand if keyword matching or RegEx utilization will be sufficient to discover PII without impacting the network. The challenge here with IDM and EMDI is creating the data source indexes, and there are challenges in terms of scalability. Any guidance on the approach to take in performing ONLY data discovery would be appreciated. Thank you.
Are there any guides that explain how to scale a DLP environment in terms of adding endpoint and network discover servers when going from TBs of data to PTs of data?
Curious as to what the official stance is on wildcards in keyword lists in Data Protection rules. Inside a keyword list, it clearly states “You can use the asterisk “*” as a wildcard character in a list. The asterisk “*” wildcard can represent any number of characters.”, but when attempting to use a keyword list and something like “*@umin.ac.jp”, the rule fails. Opening up a ticket with Symantec eventually led to it’s “not recommended” to use wildcards in keyword lists, even though it clearly states I can. I feel like I’m getting the runaround from support on this because no one wants to acknowledge this is some kind of issue/bug. Anyone else have any experience with this?
Does anyone know how to translate IP_Addr to readable IPv6 format? There is a way to translate to readable IPv4 described here https://support.symantec.com/en_US/article.TECH175456.html but that doesn’t apply to IPv6 and you will get weird numbers.