Data Loss Prevention

 View Only
  • 1.  Symantec DLP endpoint OS space issue

    Posted Aug 03, 2012 03:52 AM

    Hi,

    We are facing space issue on enpoint clients, actually symantec DLP endpoint creating .VEP files in location C:\Program Files\Manufacturer\Endpoint Agent\temp. there is no policy is configured on enforce server.

    Kindly any one help us to prevent this.

    regards

    shoaib latif



  • 2.  RE: Symantec DLP endpoint OS space issue

    Broadcom Employee
    Posted Aug 03, 2012 10:18 AM

    DLP agent makes a snapshot of any file that are evaluating for removable storage.  That way, if the file is removed before DLP agent detect, DLP agent can still Monitor the file and create an incident, allowing us to be aware that the copy happened.  Before processing, the files are copied into an .snp files that are stored in the C:\Program Files\Manufacturer\Endpoint Agent\temp directory.

    The .snp (snapshot) files are the original copies of the files DLP agent scan. The file is then copied to a .vep (Vontu Endpoint) file, which is used in the detection process.



  • 3.  RE: Symantec DLP endpoint OS space issue

    Posted Aug 04, 2012 12:35 AM

    Hi Mirza,

    If you implement any of the above scenarios on your deployment, make sure that VEP file optimization is turned off. Go to System > Servers > Overview > Server Detail > Advanced Endpoint Settings and scroll down for FileSystem.ENABLE_VEP_FILE_ELIMINATION.int. The parameter should be set to 0.

    By default, VEP file optimization is disabled.



  • 4.  RE: Symantec DLP endpoint OS space issue

    Posted Aug 04, 2012 12:35 AM

    It make a snapshot of any file that we are evaluating for removable storage.  That way, if the file is removed before we detect, we can still Monitor the file and create an incident, allowing us to be aware that the copy happened.  Before processing, the files are copied into an .snp files that are stored in the C:\Program Files\Manufacturer\Endpoint Agent\temp directory. 

    The .snp (snapshot) files are the original copies of the files we scan. The file is then copied to a .vep (Vontu Endpoint) file, which is used in the detection process. 

    We keep the last 20 snp files so there should never be more than 20 files in this folder in v10. The .snp files should be removed if the edpa process is restarted. If there are more than 20 files or they are not removed after restarting the edpa process then contact technical support.

     

    VEP File Elimination should be disabled when:

    * Two-Tier policies are used on the endpoint, OR
    * Data Retention is enabled on the endpoint, OR
    * Symantec Endpoint Encryption is used on the endpoint.

     

    Otherwise, VEP File Elimination can be enabled.



  • 5.  RE: Symantec DLP endpoint OS space issue

    Posted Oct 09, 2012 02:25 PM

    Dear,
    these files are being generated on the user's machine and we have no policy enabled on the console. Is this normal?

    Thanks



  • 6.  RE: Symantec DLP endpoint OS space issue

    Posted Oct 10, 2012 11:30 AM

    kishorilat,

     

    thanks i was looking for that and couldnt remeber off th top of muy head where it was at..



  • 7.  RE: Symantec DLP endpoint OS space issue

    Trusted Advisor
    Posted Oct 10, 2012 07:59 PM

    If this fixed your problem,. Please close the item.

    make sure that VEP file optimization is turned off. Go to System > Servers > Overview > Server Detail > Advanced Endpoint Settings and scroll down for FileSystem.ENABLE_VEP_FILE_ELIMINATION.int. The parameter should be set to 0.

     



  • 8.  RE: Symantec DLP endpoint OS space issue

    Trusted Advisor
    Posted Oct 10, 2012 07:59 PM

    f