Wednesday, March 5, 2014

Disabling the Symantec DLP Agent notifications

I’ve been branching out from the normal infrastructure stuff I’ve been doing into more security oriented fields.  Part of what I now do includes Data Loss Prevention, and I’m proud to say that I’ve recently completed my first Symantec DLP deployment.  It also happened to be the first deployment in Africa, outside of South Africa.

By default the Symantec DLP endpoint agent displays a notification when it scans for sensitive content, like so:
image

In this case the customer did not want to let the end-user see what was going on so we had to disable.  Unfortunately this seemingly simple UI option is not so simple – here is what you have to do

Log into the DLP Console.  Go to System -> Agent Configuration
image

-> Edit config -> Advanced Agent Settings
image

Set the UI.NO_SCAN.int to any value other than 0 and the scan dialog will not be displayed.
image