Added support for Firefox 90 on both Windows and macOS ......– Firefox 74 monitoring on Windows and macOS with Symantec Data Loss Prevention (17 March 2020) Integrations with other

Addendum to 15.5 System Requirements

Most recent update: 17 August 2021 for the following support update:

• Added support for Firefox 91 on Windows and macOS (with DLP 15.5 MP2) .

All updates since 13 January 2020

The following support was added to Data Loss Prevention (DLP) 15.5 since the System Requirements Guide was lastupdated on 13 January 2020. The date in parentheses indicates when support was added.

IMPORTANTYou must install the latest hotfix for DLP to ensure that you have the platform support as indicated in thefollowing tables. In some cases, platform support as indicated is enabled only when you apply the latest hotfix.

Third-party support

• Support for OpenJRE 1.8.0_282 on all DLP servers. See "About upgrading the JRE to the latest version" available inthe Symantec Data Loss Prevention Help for information on migrating to the latest JRE version (5 May 2021)

• Support for OpenJRE 1.8.0_262. See "About upgrading the JRE to the latest version" available in the Symantec DataLoss Prevention Help for information on migrating to the latest JRE version (21 December 2020)

• Support for the following Napatech Driver packages (13 May 2020):– Windows: 11.8.1 (driver version 3.15.x)– Linux: 12.1 (driver version 3.19.x)

• Removed support for SICAP for the McAfee Web Gateway proxy (20 March 2020)

Endpoint Data Loss Prevention supported macOS operating systems

• macOS 10.15.7 with DLP Agent version 15.5 MP2 (1 October 2020).• macOS 10.15.6 with DLP Agent version 15.5 MP2 (23 July 2020).• macOS 10.15.5 with DLP Agent version 15.5 MP2 (2 June 2020).• macOS 10.15.4 on DLP Agent version 15.5 MP2 (9 April 2020)• macOS 10.15.3 on DLP Agent version 15.5 MP2 (14 February 2020)

Endpoint Data Loss Prevention supported Windows operating systems:

• Windows 10 version 21H1 (OS build 19043.985) (7 June 2021)• Windows 10 version 20H2 (build 19042.572) (21 October 2020)• Windows 10 version 2004 (build 19041.264) (29 May 2020)

Edge monitoring is supported starting with DLP Agent version 15.5 MP2.

Applications supported by Endpoint Prevent:

• Chrome

2

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/data-loss-prevention/15-7.html



• Chrome 92 on macOS with DLP 15.5 MP2 (26 July 2021)• Chrome 91 on macOS with DLP 15.5 MP2 (27 May 2021)• Chrome 91 on Windows with DLP 15.5 MP2 (26 May 2021)• Chrome 90 on Windows with DLP 15.5 MP2 (16 April 2021)• Chrome 88 on both Windows and macOS with DLP 15.5 MP2 (21 January 2021)• Chrome 87 on both Windows and macOS with DLP 15.5 MP2 (19 November 2020)• Chrome 86 on both Windows and macOS with DLP 15.5 MP2 (13 November 2020)• Chrome 85 on both Windows and macOS with DLP 15.5 MP2 (3 September 2020)• Chrome 84 on both Windows and macOS with DLP 15.5 MP2 (16 July 2020)• Chrome 83 on both Windows and macOS with DLP 15.5 MP2 (29 May 2020)• Chrome 81 on both Windows and macOS with DLP 15.5 MP2 (9 April 2020)• Chrome 80 monitoring on Windows and macOS with DLP 15.5 MP2 (14 February 2020)

• Edge– Edge (Chromium-based) version 92 on Windows (27 July 2021)– Edge (Chromium-based) version 91 on Windows with DLP 15.5 MP2 (2 June 2021)– Edge (Chromium-based) version 90 on Windows with DLP 15.5 MP2 (28 April 2021)

If a user uploads a folder with sensitive data, Data Loss Prevention is unable to detect the folder upload.Additionally, when drag-and-drop functionality is used, Unknown URLs are indicated in incident reports. See thearticle Edge Chromium 90 Issues: DLP Failure to Detect Folder Uploads and Unknown URLs for Drag and Drop foradditional details.

– Edge (Chromium-based) 88 with DLP 15.5 MP2 (25 January 2021)– Edge (Chromium-based) 87 with DLP 15.5 (20 November 2020)– Edge (Chromium-based) 86 with DLP 15.5 (13 October 2020)– Edge (Chromium-based) through version 85 with DLP 15.5 MP2 (2 September 2020)

• Firefox– Firefox 91 on Windows and macOS (with DLP 15.5 MP2) (17 August 2021)– Firefox 90 on both Windows and macOS (14 July 2021)– Firefox 89 on both Windows and macOS (3 June 2021)– Firefox 88 on Windows with DLP 15.5 MP2 (20 April 2021)– Firefox 87 on Windows with DLP 15.5 MP2 (25 March 2021)– Firefox 85 on both Windows and macOS with DLP 15.5 MP2 (1 February 2021)– Firefox 84 on both Windows and macOS with DLP 15.5 MP2 (18 December 2020)– Firefox 82 on both Windows and macOS (26 October 2020)– Firefox 81 on both Windows and macOS (29 September 2020)– Firefox 80 on both Windows and macOS (31 August 2020)– Firefox 79 on both Windows and macOS (3 August 2020)– Firefox 77 and 78 on both Windows and macOS (1 July 2020)– Support for Firefox 76 on both Windows and macOS. Removed references to Firefox 76 beta support (13 May

2020)– Firefox 75 on both Windows and macOS with Symantec Data Loss Prevention (9 April 2020)– Firefox 74 monitoring on Windows and macOS with Symantec Data Loss Prevention (17 March 2020)

Integrations with other Symantec products:

• Symantec Messaging Gateway (SMG) (8200 and 8300 Series) version 10.7.x (13 February 2020)

3

https://support.microsoft.com/en-us/kb/2919355



https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/information-security/data-loss-prevention/15-7/Related-Documents.html

https://support.broadcom.com/external/content/product-advisories/EDGE-CHROMIUM-90-ISSUES-DLP-FAILURE-TO-DETECT-FOLDER-UPLOADS-AND-UNKNOWN-URLS-FOR-DRAG-AND-DROP/18040

Operating system requirements for servers

• Requirements for using Windows Server 2012 R2 includes installing the patches KB2919355, KB2919442, andKB2999226 (10 July 2020)

• Support for Red Hat Enterprise Linux 7.9 (3 November 2020)• Support for Red Hat Enterprise Linux 7.8 (4 June 2020)• Support for Red Hat Enterprise Linux 7.7 starting with Symantec Data Loss Prevention version 15.5 MP2 (17 March

2020)

File system targets support

• Support for Microsoft Exchange Server 2019 as a Discover target (1 July 2020)

Oracle database support

• Oracle 19c Enterprise– Database Release Update 19.8.0.0 (25 September 2020)– Database Release Update 19.6.0.0 (only on Linux servers) (10 September 2020)– 19.3.0.0.0 (17 July 2020)You must obtain software and support from Oracle. For implementation details, see the Symantec Data LossPrevention Oracle 19c Implementation Guide at the Tech Docs Portal.

• Oracle 19c Standard Edition– Database Release Update 19.8.0.0 (25 September 2020)– Database Release Update 19.6.0.0 (only on Linux servers) (10 September 2020)– 19.3.0.0.0 (17 July 2020)You can obtain the software from Symantec. For implementation details, see the Symantec Data Loss PreventionOracle 19c Implementation Guide at the Tech Docs Portal.

Browser support for accessing the Enforce Server administration console

• Chrome 87 (4 February 2021)

4

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/information-security/data-loss-prevention/15-7/Related-Documents.html

Symantec™ Data Loss Prevention System Requirements and Compatibility Guide

Version 15.5

Last updated: 10 February 2020

Symantec Data Loss Prevention SystemRequirements and Compatibility Guide

Documentation version: 15.5p

Legal NoticeCopyright © 2019 Symantec Corporation. All rights reserved.

Symantec, CloudSOC, Blue Coat, the Symantec Logo, the Checkmark Logo, the Blue Coat logo, and theShield Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S.and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attributionto the third party (“Third Party Programs”). Some of the Third Party Programs are available under opensource or free software licenses. The License Agreement accompanying the Software does not alter anyrights or obligations you may have under those open source or free software licenses. Please see theThird Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantecproduct for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution,and decompilation/reverse engineering. No part of this document may be reproduced in any form by anymeans without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OFMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, AREDISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLYINVALID. SYMANTECCORPORATIONSHALLNOTBELIABLEFOR INCIDENTALORCONSEQUENTIALDAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THISDOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TOCHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as definedin FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial ComputerSoftware - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software andCommercial Computer Software Documentation," as applicable, and any successor regulations, whetherdelivered by Symantec as on premises or hosted services. Any use, modification, reproduction release,performance, display or disclosure of the Licensed Software and Documentation by the U.S. Governmentshall be solely in accordance with the terms of this Agreement.

Symantec Corporation350 Ellis StreetMountain View, CA 94043

https://www.symantec.com

https://www.symantec.com

Symantec SupportAll support services will be delivered in accordance with your support agreement and thethen-current Enterprise Technical Support policy.

Knowledge Base Articles and Symantec ConnectBefore you contact Technical Support, you can find free content in our online Knowledge Base,which includes troubleshooting articles, how-to articles, alerts, and product manuals. In thesearch box of the following URL, type the name of your product:

https://support.symantec.com

Access our blogs and online forums to engage with other customers, partners, and Symantecemployees on a wide range of topics at the following URL:

https://www.symantec.com/connect

Technical Support and Enterprise Customer SupportSymantec Support maintains support centers globally 24 hours a day, 7 days a week. TechnicalSupport’s primary role is to respond to specific queries about product features and functionality.Enterprise Customer Support assists with non-technical questions, such as license activation,software version upgrades, product access, and renewals.

For Symantec Support terms, conditions, policies, and other support information, see:

https://entced.symantec.com/default/ent/supportref

To contact Symantec Support, see:

https://support.symantec.com/en_US/contact-support.html

https://support.symantec.com

https://www.symantec.com/connect/

https://entced.symantec.com/default/ent/supportref

https://support.symantec.com/en_US/contact-support.html

Symantec Support .............................................................................................. 4

Chapter 1 About this guide .................................................................... 7

About updates to Symantec Data Loss Prevention systemrequirements ........................................................................... 7

About deprecated platforms ............................................................ 10

Chapter 2 System requirements and recommendations ............... 11

Deployment planning considerations ................................................ 11The effect of scale on system requirements ................................. 12

Minimum system requirements for Symantec Data Loss Preventionservers ................................................................................. 14Single-tier installation minimum hardware requirements ................. 14Very small installation minimum hardware requirements ................. 15Small installation minimum hardware requirements ....................... 16Medium installation minimum hardware requirements .................... 18Large enterprise minimum hardware requirements ........................ 19Operating system requirements for servers ................................. 21

System requirements for OCR Servers ............................................. 25Endpoint computer requirements for the Symantec DLP Agent .............. 26

Operating system requirements for endpoint systems .................... 26Memory and disk space requirements for the Symantec DLP

Agent ............................................................................ 33Supported languages for detection ................................................... 33Available language packs ............................................................... 35Oracle database requirements ........................................................ 36Browser requirements for accessing the Enforce Server administration

console ................................................................................ 38Deploying Data Loss Prevention on public cloud infrastructures ............. 38

Deploying Symantec Data Loss Prevention on Amazon WebServices infrastructure ...................................................... 38

Deploying Symantec Data Loss Prevention on MicrosoftAzure ............................................................................ 39

Deploying Symantec Data Loss Prevention on Oracle Cloud ........... 39Virtual server support .................................................................... 40

Contents

Virtual desktop and virtual application support with EndpointPrevent ................................................................................ 41

Supported operating systems for the EMDI, EDM, and IDM RemoteIndexers ............................................................................... 43

Third-party software requirements and recommendations ..................... 44

Chapter 3 Product compatibility ......................................................... 49

Environment compatibility and requirements for Network Prevent forEmail ................................................................................... 49

Proxy server compatibility with Network Prevent for Web ...................... 50SSL monitoring with Network Monitor ............................................... 51Secure ICAP support for Network Prevent for Web using the stunnel

service ................................................................................. 51High-speed packet capture cards .................................................... 52Veritas Data Insight compatibility with Symantec Data Loss

Prevention ............................................................................ 53Integrations with other Symantec products ......................................... 54Network Discover/Cloud Storage Discover compatibility ....................... 56

Supported Box cloud storage targets .......................................... 56Supported file system targets ................................................... 56Supported IBM (Lotus) Notes targets ......................................... 57Supported SQL database targets .............................................. 57Supported SharePoint server targets .......................................... 57Supported Exchange Server targets ........................................... 58Supported file system scanner targets ........................................ 58Supported Documentum (scanner) targets .................................. 59Supported OpenText (Livelink) scanner targets ............................ 59Supported web server (scanner) targets ..................................... 59

Endpoint Prevent supported applications ........................................... 60Applications supported by Endpoint Prevent on Windows ............... 60Applications supported by Endpoint Prevent on macOS ................. 68Support for monitoring applications protected by System Integrity

Protection ....................................................................... 73

6Contents

About this guide

This chapter includes the following topics:

■ About updates to Symantec Data Loss Prevention system requirements

■ About deprecated platforms

About updates to Symantec Data Loss Preventionsystem requirements

System requirements as described in this guide are occasionally updated as new informationbecomes available. You can find the latest version of the Symantec Data Loss PreventionSystem Requirements and Compatibility Guide at the following link to the Symantec SupportCenter article.

http://www.symantec.com/docs/DOC10602

Subscribe to the article at the Support Center to be notified when there are updates.

The following table provides the history of updates to this version of the Symantec Data LossPrevention System Requirements and Compatibility Guide.

Table 1-1 Change history for the Symantec Data Loss Prevention System Requirementsand Compatibility Guide

DescriptionDate

Added support for Windows 10 Version 1909 (November 2019 Update).13 January 2020

Added support for macOS 10.15.2.

Added support for Chrome 79 monitoring on Windows and macOS.

30 December 2019

Added support for VMware Horizon View 7.10.11 December 2019

1Chapter


Table 1-1 Change history for the Symantec Data Loss Prevention System Requirementsand Compatibility Guide (continued)

DescriptionDate

Added support for Firefox 71 monitoring on Windows and macOS.

Added DLP Agent support for Microsoft Windows Server 2019.

9 December 2019

Added support for macOS 10.15.1.15 November 2019

Added support for VMware View 7.9.11 November 2019

Added support for Safari 12.8 November 2019

Added support for Chrome 78 monitoring on Windows and macOS.31 October 2019

Added support for Firefox 70 monitoring on Windows and macOS.28 October 2019

Clarified disk requirements for large enterprise minimum systemrequirements to no longer include SSD as a recommended type.

16 October 2019


Corrected support for F5 BIG-IP proxy to remove SICAP and add ICAP.

Added support for Enforce and detection servers on Red Hat EnterpriseLinux 7.7.

18 September 2019


Clarified disk requirements for large enterprise minimum systemrequirements to include SSD as a recommended type.

6 September 2019

Clarified Microsoft Office SharePoint Server 2019 support.28 August 2019

Added support for Fortinet FortiGate-VM 6.2.1 with Network Prevent forWeb.

Added support for Microsoft Office SharePoint Server 2019 as a targetsupported by Network Discover/Cloud Storage Discover.


22 August 2019


Added support for Oracle 12.1.0.2 Enterprise Edition on premises and onAWS RDS.

1 August 2019


Added support for Citrix XenApp 7.19 and Citrix XenDesktop 7.19.

17 July 2019

8About this guideAbout updates to Symantec Data Loss Prevention system requirements


DescriptionDate

Added support for SIR (OCR/Form Recognition) with Cloud Prevent forOffice 365 on Azure.

Clarified that Oracle Linux 7.3 RHCK (Red Hat compatible kernel) is alsosupported for on-premises deployments.


8 July 2019

Added DLP Agent support for Version 1903 (Windows 10 May 2019Update).

20 June 2019



11 June 2019

Added Hotfix requirement for Microsoft Outlook 2019 scanning on macOSDLP Agent.

20 May 2019

Added support for Chrome 74 monitoring on Windows and macOSendpoints.

1 May 2019

Added DLP Agent support for macOS 10.14.4.18 April 2019

Added support for Symantec Data Insight 6.1.4.5 April 2019

Corrected support statement for Firefox 66 monitoring on Windows andmacOS endpoints.

3 April 2019

Added support for Firefox 66monitoring onWindows andmacOS endpoints.26 March 2019

Updated Hotfix information for Chrome 72 and 73 monitoring support.25 March 2019

Added support for Chrome 73 monitoring on Windows and macOSendpoints.

20 March 2019

Added DLP Agent support for macOS 10.14.3.12 March 2019

Added support for Enforce and detection servers on Red Hat EnterpriseLinux 7.6.

22 February 2019

Added support for Chrome 72 monitoring on Windows and macOSendpoints. Added support for Firefox 65monitoring forWindows andmacOSendpoints.

13 February 2019

Added note and link to Support Center alert about Chrome 72 monitoringon Windows endpoints. Added support for F5 BIG-IP proxy 14.1.0 andMcAfee Web Gateway 7.8.2.

5 February 2019

9About this guideAbout updates to Symantec Data Loss Prevention system requirements


DescriptionDate

Added support for HTTPSmonitoring of Firefox 64 onmacOS andWindowsendpoints. Added DLP Agent support for macOS 10.14.2.

7 January 2019

About deprecated platformsCertain platforms are referred to as “deprecated.” That indicates that while the deprecatedplatform is supported in the current release, Symantec plans to remove support in an upcomingrelease. If your Symantec Data Loss Prevention environment includes a deprecated platform,you should plan on updating the platform to a later supported version or a different supportedplatform as soon as possible.

10About this guideAbout deprecated platforms

System requirements andrecommendations


■ Deployment planning considerations

■ Minimum system requirements for Symantec Data Loss Prevention servers

■ System requirements for OCR Servers

■ Endpoint computer requirements for the Symantec DLP Agent

■ Supported languages for detection

■ Available language packs

■ Oracle database requirements

■ Browser requirements for accessing the Enforce Server administration console

■ Deploying Data Loss Prevention on public cloud infrastructures

■ Virtual server support

■ Virtual desktop and virtual application support with Endpoint Prevent

■ Supported operating systems for the EMDI, EDM, and IDM Remote Indexers

■ Third-party software requirements and recommendations

Deployment planning considerationsInstallation planning and system requirements for Symantec Data Loss Prevention dependon:

2Chapter

■ The type and amount of information you want to protect

■ The amount of network traffic you want to monitor

■ The size of your organization

■ The type of Symantec Data Loss Prevention detection servers you choose to install

These factors affect both:

■ The type of installation tier you choose to deploy (three-tier, two-tier, or single-tier)

■ The system requirements for your Symantec Data Loss Prevention installation

See “The effect of scale on system requirements” on page 12.

The effect of scale on system requirementsSome system requirements vary depending on the size of the Symantec Data Loss Preventionsoftware deployment. Determine the size of your organization and the corresponding SymantecData Loss Prevention deployment using the information in this section.

The key considerations in determining the deployment size are as follows:

■ Number of Enforce Server users

■ Number of detection servers

■ Daily incident volume

■ Amount of network traffic to monitor

■ Size of Exact Data Match profile (EDM), Exact Match Data Identifier profile (EMDI), orIndexed Data Match profile (IDM)

■ Size of your Form Recognition profile

The following table outlines five sample deployments based on enterprise size. Review thesesample deployments to understand which best matches your organization’s environment.

Table 2-1 Types of enterprise deployments

LargeMediumSmallVery small(minimumsupportedsystem)

Single tierVariable

3020105N/ANumber ofEnforce Serverusers

12System requirements and recommendationsDeployment planning considerations

Table 2-1 Types of enterprise deployments (continued)

LargeMediumSmallVery small(minimumsupportedsystem)

Single tierVariable

100+50105N/ANumber ofdetectionservers

100,00050,00010,0005000N/ADaily incidentvolume

>40 Mbps30-40 Mbps30-40 Mbps30-40 Mbps30-40 MbpsVolume ofnetwork traffic tomonitor

See theSymantecData LossPreventionAdministrationGuide forinformation aboutEDM, IDM, andEMDI impact onsizing forenterprisedeployments.

See theSymantecData LossPreventionAdministrationGuide forinformation aboutEDM, IDM, andEMDI impact onsizing forenterprisedeployments.

See theSymantec DataLoss PreventionAdministrationGuide forinformation aboutEDM, IDM, andEMDI impact onsizing forenterprisedeployments.

See the SymantecData LossPreventionAdministrationGuide forinformation aboutEDM, IDM, andEMDI impact onsizing for enterprisedeployments.

EDM 4 million cellsor IDM 250 MB(1400 files). Seethe Symantec DataLoss PreventionAdministrationGuide forinformation aboutEDM, IDM, andEMDI impact onsizing for enterprisedeployments.

EDM/EMDI/IDMindex size

See articleTECH235074 atthe SymantecSupport Centerfor informationabout FormRecognitionsizing.



See articleTECH235074 atthe SymantecSupport Center forinformation aboutForm Recognitionsizing.

See articleTECH235074 atthe SymantecSupport Center forinformation aboutForm Recognitionsizing.

FormRecognitionprofile size

See “Largeenterpriseminimumhardwarerequirements”on page 19.

See “Mediuminstallationminimumhardwarerequirements”on page 18.

See “Smallinstallationminimumhardwarerequirements”on page 16.

See “Very smallinstallationminimum hardwarerequirements”on page 15.

See “Single-tierinstallationminimum hardwarerequirements”on page 14.

Hardwarerequirements

13System requirements and recommendationsDeployment planning considerations

http://www.symantec.com/docs/TECH235074





For additional related information see also Symantec Data Loss Prevention Network Monitorand Prevent Performance Sizing Guidelines, available at the Symantec Support Center athttp://www.symantec.com/docs/DOC8253.

Minimum system requirements for Symantec DataLoss Prevention servers

All Symantec Data Loss Prevention servers must meet or exceed the minimum hardwarespecifications and run on one of the supported operating systems.

■ See “Single-tier installation minimum hardware requirements” on page 14.

■ See “Very small installation minimum hardware requirements” on page 15.

■ See “Small installation minimum hardware requirements” on page 16.

■ See “Medium installation minimum hardware requirements” on page 18.

■ See “Large enterprise minimum hardware requirements” on page 19.

■ See “Operating system requirements for servers” on page 21.

Note: Requirements for Symantec Data Loss Prevention Virtual Appliances are the same asfor the software server counterparts, except for virtual environment support. See “Virtual serversupport” on page 40.

If the Oracle database for Symantec Data Loss Prevention is installed on a dedicated computer(a three-tier deployment), that system must meet its own set of system requirements.

See “Oracle database requirements” on page 36.

Single-tier installation minimum hardware requirementsThe following table provides the system requirements for branch office or small organizationsingle-tier deployments.

Because single-tier deployments include the Enforce Server, the Oracle database, and thedetection server all on the same computer, the processing and memory requirements arehigher than they might be on dedicated servers in a two- or three-tier deployment.

Note: The default content size for detection is 30 MB. If you plan to scan files larger than 30MB, see article https://www.symantec.com/docs/TECH252393.html at the Symantec SupportCenter for information about tuning your system for large file inspection.

14System requirements and recommendationsMinimum system requirements for Symantec Data Loss Prevention servers


https://www.symantec.com/docs/TECH252393.html

Table 2-2 Single-tier installation minimum hardware requirements

Single Server InstallationRequired for

Eight-core CPUProcessor

64 GB RAMMemory

3 TB, RAID 5 configuration (with a minimum of fivespindles)

Disk

1 copper or fiber 1 Gb Ethernet NIC (if you are usingNetwork Monitor you will need a minimum of twoNICs)

NICs

Very small installation minimum hardware requirementsThe following table provides the system requirements for the smallest supported installationof Symantec Data Loss Prevention. This is a two-tier installation, in which the Enforce Serverand Oracle database are both hosted on the same computer.


Table 2-3 Very small installation minimum hardware requirements

Network Discover/CloudStorage Discover,Network Prevent, CloudPrevent for Email, orEndpoint Prevent

Network MonitorEnforce ServerRequired for

Four-core CPUFour-core CPUTwo-core CPUProcessor

6–8 GB RAM (See theSymantec Data LossPrevention AdministrationGuide for information aboutEDM, IDM, and EMDIimpact on sizing. See articleTECH235074 at theSymantec Support Centerfor information about FormRecognition sizing.)

6–8 GB RAM (See theSymantec Data LossPrevention AdministrationGuide for information aboutEDM, IDM, and EMDIimpact on sizing. See articleTECH235074 at theSymantec Support Centerfor information about FormRecognition sizing.)

8 GB RAMMemory





Table 2-3 Very small installation minimum hardware requirements (continued)

Network Discover/CloudStorage Discover,Network Prevent, CloudPrevent for Email, orEndpoint Prevent

Network MonitorEnforce ServerRequired for

140 GB

For Network Discover/CloudStorage Discoverdeployments, approximately150 MB of disk space isrequired to maintainincremental scan indexes.This is based on anoverhead of 5 MB perincremental scan target and50 bytes per item in thetarget.

140 GB500 GB hard drive storage.

For Network Discover/CloudStorage Discoverdeployments, approximately150 MB of disk space isrequired to maintainincremental scan indexes.This is based on anoverhead of 5 MB perincremental scan target and50 bytes per item in thetarget.

Disk

1 copper or fiber 1 Gb/100Mb Ethernet NIC tocommunicate with theEnforce Server.

1 copper or fiber 1 Gb/100Mb Ethernet NIC tocommunicate with theEnforce Server.

One copper or fiber 1Gb/100 Mb Ethernet NIC tocommunicate with detectionservers.

NICs

Small installation minimum hardware requirementsThe following table provides the system requirements for a small installation of Symantec DataLoss Prevention. This is a three-tier installation, in which the Enforce Server and Oracledatabase are hosted on separate computers.




Table 2-4 Small installation minimum hardware requirements

NetworkDiscover/CloudStorage Discover,Network Prevent,Cloud Prevent forEmail, or EndpointPrevent

Network MonitorOracle databaseEnforce ServerRequired for

Four-core CPUFour-core CPUTwo-core CPUTwo-core CPUProcessor

6–8 GB RAM (Seethe Symantec DataLoss PreventionAdministration Guidefor information aboutEDM, IDM, andEMDI impact onsizing. See articleTECH235074 at theSymantec SupportCenter forinformation aboutForm Recognitionsizing.)

6–8 GB RAM (Seethe Symantec DataLoss PreventionAdministrationGuidefor information aboutEDM, IDM, andEMDI impact onsizing. See articleTECH235074 at theSymantec SupportCenter forinformation aboutForm Recognitionsizing.)

8 GB RAM8 GB RAMMemory

140 GB

For NetworkDiscover/CloudStorage Discoverdeployments,approximately 150MB of disk space isrequired to maintainincremental scanindexes. This isbased on anoverhead of 5 MBper incremental scantarget and 50 bytesper item in thetarget.

140 GB500 GB - 1 TB

See “Oracle databaserequirements” on page 36.

500 GB hard drivestorage.

For NetworkDiscover/CloudStorage Discoverdeployments,approximately 150MB of disk space isrequired to maintainincremental scanindexes. This isbased on anoverhead of 5 MBper incremental scantarget and 50 bytesper item in thetarget.

Disk




Table 2-4 Small installation minimum hardware requirements (continued)

NetworkDiscover/CloudStorage Discover,Network Prevent,Cloud Prevent forEmail, or EndpointPrevent

Network MonitorOracle databaseEnforce ServerRequired for

1 copper or fiber 1Gb/100 Mb EthernetNIC to communicatewith the EnforceServer.


N/AOne copper or fiber1 Gb/100 MbEthernet NIC tocommunicate withdetection servers.

NICs

Medium installation minimum hardware requirementsThe following table provides the system requirements for medium installations of SymantecData Loss Prevention. This is a three-tier installation, with the Enforce Server and Oracledatabase hosted on separate computers.


Table 2-5 Medium installation minimum hardware requirements

Network Discover/CloudStorage Discover, NetworkPrevent, Cloud Prevent forEmail, or Endpoint Prevent

Network MonitorOracledatabase

Enforce ServerRequiredfor

Four-core CPUFour-core CPUFour-coreCPU

Two-core CPUProcessor



Table 2-5 Medium installation minimum hardware requirements (continued)

Network Discover/CloudStorage Discover, NetworkPrevent, Cloud Prevent forEmail, or Endpoint Prevent


Enforce ServerRequiredfor

6–8 GB RAM (See the SymantecData Loss PreventionAdministration Guide forinformation about EDM, IDM, andEMDI impact on sizing. See articleTECH235074 at the SymantecSupport Center for informationabout Form Recognition sizing.)

6–8 GB RAM (See theSymantec Data LossPreventionAdministration Guidefor information aboutEDM, IDM, and EMDIimpact on sizing. Seearticle TECH235074 atthe Symantec SupportCenter for informationabout FormRecognition sizing.)

16 GB RAM12 GB RAM

(EDM/IDM and FormRecognition profile size canincrease memoryrequirements. See articleTECH235074 at theSymantec Support Center forinformation about FormRecognition sizing.)

Memory

140 GB

For Network Discover/CloudStorage Discover deployments,approximately 150 MB of diskspace is required to maintainincremental scan indexes. This isbased on an overhead of 5 MBper incremental scan target and50 bytes per item in the target.

140 GB500 GB - 1 TB

See “Oracledatabaserequirements”on page 36.

500 GB hybrid storage.

For Network Discover/CloudStorage Discoverdeployments, approximately150 MB of disk space isrequired to maintainincremental scan indexes.This is based on an overheadof 5 MB per incremental scantarget and 50 bytes per itemin the target.

Disk

1 copper or fiber 1 Gb/100 MbEthernet NIC to communicate withthe Enforce Server.


N/A1 copper or fiber 1 Gb/100Mb Ethernet NIC tocommunicate with detectionservers.

NICs



Large enterprise minimum hardware requirementsThe following table provides the system requirements for large installations of Symantec DataLoss Prevention. This is a three-tier installation, with the Enforce Server and Oracle databasehosted on separate computers.






Table 2-6 Large enterprise minimum system requirements

Network Discover/CloudStorageDiscover, NetworkPrevent, Cloud Prevent forEmail, or Endpoint Prevent


Enforce ServerRequiredFor

Eight-core CPUEight-core CPUSix-core CPUFour-core CPUProcessor

8–16 GB RAM (See theSymantec Data LossPrevention AdministrationGuide for information aboutEDM, IDM, and EMDI impacton sizing.

See article TECH235074 atthe Symantec Support Centerfor information about FormRecognition sizing.

8–16 GB RAM (See theSymantec Data LossPreventionAdministration Guide forinformation about EDM,IDM, and EMDI impacton sizing.

See articleTECH235074 at theSymantec SupportCenter for informationabout FormRecognitionsizing.

32 GB RAM16 GB RAM

(EDM/IDM and FormRecognition profile size canincrease memoryrequirements. See theSymantec Data LossPrevention AdministrationGuide for information aboutEDM and IDM sizing.

See article TECH235074 atthe Symantec SupportCenter for information aboutForm Recognition sizing.

Memory

140 GB

For Network Discover/CloudStorage Discoverdeployments, approximately1 GB of disk space is requiredto maintain incremental scanindexes. This is based on anoverhead of 5 MB perincremental scan target and50 bytes per item in the target.

140 GB500 GB - 1 TB

See “Oracledatabaserequirements”on page 36.

1 TB storage (SSD or SAN)

For Network Discover/CloudStorage Discoverdeployments, approximately1 GB of disk space isrequired to maintainincremental scan indexes.This is based on anoverhead of 5 MB perincremental scan target and50 bytes per item in thetarget.

DiskRequirements






Table 2-6 Large enterprise minimum system requirements (continued)

Network Discover/CloudStorageDiscover, NetworkPrevent, Cloud Prevent forEmail, or Endpoint Prevent


Enforce ServerRequiredFor

To communicate with theEnforce Server:

1 copper or fiber 1 Gb/100MbEthernet NIC

To communicate withthe Enforce Server:

1 copper or fiber 1Gb/100 Mb Ethernet

For network trafficmonitoring (pick one):

1 copper or fiber 1Gb/100 Mb EthernetNIC.

N/ATo communicate withdetection servers:

1 copper or fiber 1 Gb/100Mb Ethernet NIC

NICs

N/ASee “High-speed packetcapture cards”on page 52.

N/AN/AHigh-speedpacketcapture cards



Operating system requirements for serversSymantec Data Loss Prevention servers can be installed on a supported Linux or Windowsoperating system. Different operating systems can be used for different servers in aheterogeneous environment.

Note: If you are using Windows Server 2012 R2, you must install two patches. See “Installingpatches for Windows Server 2012 R2” on page 23.

Symantec Data Loss Prevention supports the following 64-bit operating systems for EnforceServer and detection server computers:

■ Microsoft Windows Server 2008 R2 SP1, Enterprise Edition with patch

■ Microsoft Windows Server 2008 R2 SP1, Standard Edition with patch

■ Microsoft Windows Server 2012 R2, Datacenter Edition with patchSee “Installing patches for Windows Server 2012 R2” on page 23.

■ Microsoft Windows Server 2012 R2, Standard Edition with patchSee “Installing patches for Windows Server 2012 R2” on page 23.


■ Microsoft Windows Server 2016, Standard Edition

■ Microsoft Windows Server 2016, Datacenter Edition

■ Red Hat Enterprise Linux 6.8, 6.9, and 6.10See “Installing fonts on Linux servers” on page 25.

■ Red Hat Enterprise Linux 7.3 through 7.7See “Installing fonts on Linux servers” on page 25.

■ Oracle Linux 7.3 and 7.4See “Installing fonts on Linux servers” on page 25.

Symantec Data Loss Prevention supports the 64-bit operating system for detection servercomputers on Microsoft Windows Server 2016, Core.

Operating system requirements for Single Server deploymentsSymantec Data Loss Prevention supports the following 64-bit operating systems for SingleServer deployments:

■ Microsoft Windows Server 2008 R2 SP1, Enterprise Edition with patch

■ Microsoft Windows Server 2008 R2 SP1, Standard Edition with patch



■ Microsoft Windows Server 2016, Standard Edition

■ Microsoft Windows Server 2016, Datacenter Edition

■ Red Hat Enterprise Linux 6.8, 6.9, and 6.10See “Installing fonts on Linux servers” on page 25.

■ Red Hat Enterprise Linux 7.3 through 7.7See “Installing fonts on Linux servers” on page 25.

■ Oracle Linux 7.3 and 7.4See “Installing fonts on Linux servers” on page 25.

English language and localized versions of both Linux and Windows operating systems aresupported.

See “Supported languages for detection” on page 33.

See also the Symantec Data Loss Prevention Administration Guide for detailed informationabout supported languages and character sets. You can find the Symantec Data LossPrevention Administration Guide at the Symantec Support Center here:http://www.symantec.com/docs/DOC9261.



Operating system requirements for the domain controller agentThe domain controller agent enables you to resolve user names from IPv4 addresses in HTTP/Sand FTP incidents. See the Symantec Data Loss Prevention Installation Guide for domaincontroller agent installation details.

Symantec Data Loss Prevention supports the following operating systems for the domaincontroller agent:

■ Microsoft Windows Server 2008 R2, Enterprise Edition (64-bit)

■ Microsoft Windows Server 2008 R2, Standard Edition (64-bit)

■ Microsoft Windows Server 2008 R2 SP1, Enterprise Edition (64-bit) with patch

■ Microsoft Windows Server 2008 R2 SP1, Standard Edition (64-bit) with patch

■ Microsoft Windows Server 2012, Datacenter Edition (64-bit)

■ Microsoft Windows Server 2012, Standard Edition (64-bit)



Installing patches for Windows Server 2012 R2If you use Windows Server 2012 R2, you must install three Microsoft patches: KB2919355,KB2919442, and KB2999226.

Go to https://support.microsoft.com/en-us/kb/2919355 and install KB2919355.



Installing fonts on Linux serversYou must have at least one font installed on your Linux servers. However, Symantecrecommends installing all available fonts on your Linux servers if you intend to use FormRecognition detection. To install all available fonts, run: yum groupinstall fonts on eachLinux Enforce and detection server.

Linux partition guidelinesMinimum free space requirements for Linux partitions vary according to the specific details ofyour Symantec Data Loss Prevention installation. The table below provides general guidelinesthat should be adapted to your installation as circumstances warrant. Symantec recommendsusing separate partitions for the different file systems, as indicated in the table. If you combine





multiple file systems onto fewer partitions, or onto a single root partition, make sure the partitionhas enough free space to hold the combined sizes of the file systems listed in the table.

Note: Partition size guidelines for detection servers are similar to those for Enforce Serverwithout an Oracle database.

See Table 2-8 on page 25.

Table 2-7 Linux partition minimum size guidelines—Enforce Server with Oracle database

Description and commentsMinimum free spacePartition

Store the Oracle installation tools, Oracleinstallation ZIP files, and Oracle critical patchupdate (CPU) files in /home.

6 GB/home

The Oracle installer and installation tools requirespace in this directory.

1.2 GB/tmp

Contains installed programs such as SymantecData Loss Prevention, the Oracle server, andthe Oracle database. The Oracle databaserequires significant space in this directory. Forimproved performance, you may want to mountthis partition on different disks/SAN/RAID fromwhere the root partition is mounted.

500 GB for Small/Medium installations

1 TB for Large installations

/opt

Contains logs, EDM/IDM indexes, FormRecognition indexes, incremental scan indexes,and network packet capture directories.

Note: The /var/spool/pcap and/var/SymantecDLP/drop_pcap directoriesmust reside on the same partition or mountpoint.


46 GB for Large installations

/var

This must be in its own ext2 or ext3 partition,not part of soft RAID (hardware RAID issupported).

100 MB/boot

If you need to have the memory dump in caseof system crash (for debugging), you may wantto increase these amounts.

Equal to RAMswap


Table 2-8 Linux partition minimum size guidelines—Enforce Server without a database,or detection server

Description and commentsMinimum size guidelinesPartition

Contains installed programs such as SymantecData Loss Prevention and the Oracle client.

10 GB/opt

Contains logs, EDM/IDM indexes, FormRecognition indexes, incremental scan indexes,and network packet capture directories.

Note: The /var/spool/pcap and/var/Symantec/DataLossPrevention/drop_pcapdirectories must reside on the same partition ormount point.


46 GB for Large installations

/var

This must be in its own ext2 or ext3 partition,not part of soft RAID (hardware RAID issupported).

100 MB/boot

If you need to have the memory dump in caseof system crash (for debugging), you may wantto increase these amounts.

Equal to RAMswap

Installing fonts on Linux serversYou must have at least one font installed on your Linux servers. However, Symantecrecommends installing all available fonts on your Linux servers if you intend to use FormRecognition detection. To install all available fonts, run: yum groupinstall fonts on eachLinux Enforce and detection server.

System requirements for OCR ServersOperating system requirements for OCR ServersSymantec supports deployment of OCR Servers on theWindows operating system. The sameWindows servers supported for installation of the Enforce Server are supported for installationof OCR Servers.

See “Operating system requirements for servers” on page 21.

For more information onOCRServer system requirements and sizing guidelines, see "SymantecData Loss Prevention OCR Server System Requirements and OCR Server Sizing Estimator"at http://www.symantec.com/docs/doc10612.

25System requirements and recommendationsSystem requirements for OCR Servers

http://www.symantec.com/docs/doc10612

Symantec Data Loss Prevention compatibility with OCR ServersOCRServer version 1 is compatible with the following Symantec Data Loss Prevention versions:

■ 15.0

■ 15.1

■ 15.5

Endpoint computer requirements for the SymantecDLP Agent

If you install Endpoint Prevent, the endpoint computers on which you install the Symantec DLPAgent must meet the requirements that are described in the following sections.

Note: Table 2-9 and Table 2-10 assume that you have installed the latest DLP hot fix fromSymantec.

Operating system requirements for endpoint systemsEndpoint Data Loss Prevention can operate on Endpoint systems that use the followingoperating systems:

Table 2-9 Endpoint Data Loss Prevention supported Windows operating systems

DLP version15.5

DLP version15.1

DLP version15.0

DLPversion14.6

DLPversion14.5

DLPversion14.0

VersionOperatingsystem

NoNoNoYesNoYes2003 SP2R2

WindowsServer

YesYesYesYesYesYes2008 R2WindowsServerEnterpriseorStandard(64-bit)

YesYesYesYesYesYes2012 R2

26System requirements and recommendationsEndpoint computer requirements for the Symantec DLP Agent

Table 2-9 Endpoint Data Loss Prevention supported Windows operating systems(continued)

DLP version15.5

DLP version15.1

DLP version15.0

DLPversion14.6

DLPversion14.5

DLPversion14.0


YesYesYesYes (on DLPAgentversions 14.6MP1 andMP2)

NoNoNo servicepack

MicrosoftWindowsServer2016StandardorDatacenterEdition(64-bit)

YesNoNoNoNoNoNoMicrosoftWindowsServer2019(64-bit)

NoNoNoYesYesYesNo servicepack

Windows 7Enterprise,Professional,Ultimate(32-bit)

YesYesYesYesYesYesSP1

NoNoNoYesYesYesNo servicepack

Windows 7Enterprise,Professional,Ultimate(64-bit)

YesYesYesYesYesYesSP1

NoNoNoNoNoNoUnpatchedWindows 8EnterprisePCoperatingsystem(32-bit)

NoNoNoYesYesYesUnpatchedWindows 8EnterprisePCoperatingsystem(64-bit)



DLP version15.5

DLP version15.1

DLP version15.0

DLPversion14.6

DLPversion14.5

DLPversion14.0


YesYesYesYesYesYesUnpatchedWindows8.1Enterprise,Pro PCoperatingsystem(64-bit)

YesYesYesYesYesYesUpdate 1



NoNoYesYesYesYes (14.0.1)UnpatchedWindows10Enterprise,Pro PCoperatingsystem(64-bit)

DeprecatedDeprecatedYesYesYesNoVersion1511(NovemberUpdate)

DeprecatedDeprecatedYesYesYesNoVersion1607(AnniversaryUpdate)

Yes

See note "a"immediatelybelow.

Yes


Yes


Yes (on DLPAgentversion 14.6MP1 andMP2)


NoNoVersion1703(CreatorsUpdate)

YesYesYesYes (on DLPAgentversion 14.6MP1 andMP2)

NoNoVersion1709 (FallCreatorsUpdate)

YesYesYes (on DLPAgent version15.0 MP1)

NoNoNoVersion1803 (April2018Update)[build#17134.48]



DLP version15.5

DLP version15.1

DLP version15.0

DLPversion14.6

DLPversion14.5

DLPversion14.0


YesYes (on DLPAgent version15.1 MP1)

NoNoNoNoVersion1607 LTSB

YesYes (on DLPAgent version15.1 MP1)

NoNoNoNoVersion1809(CreatorsUpdate)

Yes (on DLPAgent version15.5 MP1)


NoYes (on DLPAgentversion 14.6MP3)

NoNoVersion1903 (May2019Update)


See note "b"immediatelybelow.


See note "b"immediatelybelow.

NoNoNoNoVersion1909(November2019Update)

Additional details about Windows 10 support are available in the following Symantec SupportCenter articles:

a. Known Issues for DLP Agent Support of Microsoft Windows 10 Creators Update

b. There are known issues with monitoring drag and drop activity for Edge on Windows 10(Version 1909). You must apply a hot fix for support of the Edge browser. See the article Publichot fixes for DLP Agents 15.1 MP2 and 15.5 MP2 for Edge support on Windows 10 Version1909.

Table 2-10 Endpoint Data Loss Prevention supported macOS operating systems

DLP version15.5

DLP version15.1

DLP version15.0

DLP version14.6

DLP version14.5

DLP version14.0

Operatingsystem

NoNoNoNoNoYesApplemacOS 10.8(64-bit)



https://support.symantec.com/us/en/article.ALERT2708.html



Table 2-10 Endpoint Data Loss Prevention supported macOS operating systems (continued)

DLP version15.5

DLP version15.1

DLP version15.0

DLP version14.6

DLP version14.5

DLP version14.0

Operatingsystem

NoNoNoYesYesYesApplemacOS 10.9(64-bit)

NoNoDeprecatedYesYesYesApplemacOS10.10 (64-bit)

YesYes■ Through10.11.5

■ 10.11.6 on on15.0 MP1 withHotfix15.0.0101

■ Through10.11.5

■ 10.11.6 on14.6 MP2with Hotfix14.6.0205

YesNoApplemacOS10.11 (64-bit)

YesYes■ Through10.12.5

■ 10.12.6 on15.0 MP1 withHotfix15.0.0101

■ Through10.12.5 onDLP Agentversion14.6 MP1

■ 10.12.6 on14.6 MP2with Hotfix14.6.0205


NoApplemacOS10.12 (64-bit)



DLP version15.5

DLP version15.1

DLP version15.0

DLP version14.6

DLP version14.5

DLP version14.0

Operatingsystem

Yes (through10.13.6)

Yes (through10.13.6)

■ 10.13.1 onDLP Agentversion 15.0

■ 10.13.2 onversion 15.0MP1 withHotfix15.0.0101



■ 10.13.5 onversion 15.0MP1 withHotfix15.0.0107.01001

■ 10.13.6 onversion 15.0MP1 withHotfix15.0.0107.01001

See additionaldetails followingthis table.

■ 10.13.1 onDLP Agentversion14.6 MP2

■ 10.13.2 on14.6 MP2with Hotfix14.6.0205

■ 10.13.3 on14.6 MP2with Hotfix_14.6.020510.13.4 on14.6 MP2with Hotfix14.6.0205

See additionaldetailsfollowing thistable.

NoNoApplemacOS10.13 (64-bit)



DLP version15.5

DLP version15.1

DLP version15.0

DLP version14.6

DLP version14.5

DLP version14.0

Operatingsystem

10.14.1 - 10.14.4on version 15.5

10.14.5 onversion 15.5MP1

10.14.6 on 15.5MP1 with Hotfix15.5.0104.1006

See note "f"immediatelybelow.

10.14.1,10.14.2, and10.14.5 onversion 15.1MP2

See note "e"immediatelybelow.

No10.14.5 onversion 14.6MP3

NoNoApplemacOS10.14 (64-bit)

10.15.1 and10.15.2 onversion 15.5MP2

See note "g"immediatelybelow.

10.15.1 and10.15.2 onversion 15.1MP2

See note "g"immediatelybelow.

ApplemacOS10.15 (64-bit)

Additional details about macOS support are available in the following Symantec Support Centerarticles:

a. Known issues using macOS 10.13 with DLP Agent versions 14.6 MP2 and 15.0

b. DLP Agents deployed with MDM profiles on macOS 10.13.2 not loading

c. Monitoring macOS applications where SIP is enabled

d. Use Application File Access to monitor Safari on macOS 10.12.4 and later

e. Known issues upgrading from macOS 10.13.6 to macOS 10.14 with DLP Agent version15.1

f. Security updates provided by Apple for macOS 10.14.x cause Outlook to crash when theDLP Agent is running

g. Configuring MDM profiles for Full Disk Access for macOS 10.15 and DLP Agent support

Symantec DLP Agents can also be installed on supported localized versions of theseWindowsand macOS operating systems.

See “Supported languages for detection” on page 33.

See also the Symantec Data Loss Prevention Administration Guide for detailed informationabout supported languages and character sets.








https://www.symantec.com/docs/DOC10602

https://www.symantec.com/docs/DOC10602

https://support.symantec.com/us/en/article.tech256856.html

Memory and disk space requirements for the Symantec DLP AgentThe Symantec DLP Agent software reserves a minimum of 25 MB to 30 MB of memory on theEndpoint computer, depending on the actual version of the software. The DLP Agent softwaretemporarily consumes additional memory while it detects content or communicates with theEndpoint Prevent server. After these tasks are complete, the memory usage returns to theprevious minimum.

The initial Symantec DLP Agent installation consumes approximately 70 MB to 80 MB of harddisk space. The actual minimum amount depends on the size and number of policies that youdeploy to the endpoint computer. Additional disk space is then required to temporarily storeincident data on the endpoint computer until the Symantec DLP Agent sends that data to theEndpoint Prevent server. If the endpoint computer cannot connect to the Endpoint Preventserver for an extended period of time, the Symantec DLP Agent will continue to consumeadditional disk space as new incidents are created. The disk space is freed only after the agentsoftware reconnects to the Endpoint Prevent server and transfers the stored incidents.


Supported languages for detectionSymantec Data Loss Prevention supports a large number of languages for detection. Policiescan be defined that accurately detect and report on the violations that are found in content inthese languages:

■ Arabic

■ Brazilian Portuguese

■ Chinese (traditional)

■ Chinese (simplified)

■ Czech

■ Danish

■ Dutch

■ English

■ Finnish

■ French

■ German

33System requirements and recommendationsSupported languages for detection


■ Greek

■ Hebrew

■ Hungarian

■ Italian

■ Japanese

■ Korean

■ Norwegian

■ Polish

■ Portuguese

■ Romanian

■ Russian

■ Spanish

■ Swedish

■ Turkish*

*Symantec Data Loss Prevention cannot be installed on a Windows operating system that islocalized for the Turkish language, and you cannot choose Turkish as an alternate locale.

For additional information about specific languages, see the Symantec Data Loss PreventionRelease Notes.

A number of capabilities are not implied by this support:

■ Technical support provided in a non-English language. Because Symantec Data LossPrevention supports a particular language does not imply that technical support is deliveredin that language.

■ Localized administrative user interface (UI) and documentation. Support for a languagedoes not imply that the UI or product documentation has been localized into that language.However, even without a localized UI, user-defined portions of the UI such as pop-upnotification messages on the endpoint can still be localized into any language by enteringthe appropriate text in the UI.

■ Localized content. Keywords are used in a number of areas of the product, including policytemplates and data identifiers. Support for a language does not imply that these keywordshave been translated into that language. Users may, however, add keywords in the newlanguage through the Enforce Server administration console.

■ Localized content. Keywords are used in a number of areas of the product, including policytemplates and data identifiers. Support for a language does not imply that these keywords

34System requirements and recommendationsSupported languages for detection

have been translated into that language. Users may, however, add keywords in the newlanguage through the Enforce Server administration console.

■ New file types, protocols, applications, or encodings. Support for a language does not implysupport for any new file types, protocols, applications, or encodings that may be prevalentin that language or region other than what is already supported in the product.

■ Language-specific normalization. An example of normalization is to treat accented andunaccented versions of a character as the same. The product already performs a numberof normalizations, including standard Unicode normalization that should cover the vastmajority of cases. However, it does not mean that all potential normalizations are included.

■ Region-specific normalization and validation. An example of this is the awareness that theproduct has of the format of North American phone numbers, which allows it to treat differentversions of a number as the same, and to identify invalid numbers in EDM source files.Support for a language does not imply this kind of functionality for that language or region.

Items in these excluded categories are tracked as individual product enhancements on alanguage- or region-specific basis. Contact Symantec Technical Support for additionalinformation on language-related enhancements or plans for the languages not listed.

Available language packsYou can install any of the available language packs for your Symantec Data Loss Preventiondeployment. Language packs provide a limited set of non-English languages for the EnforceServer administration console user interface and online Help. Note that these language packsare only needed to provide a translated user interface and online Help; they are not neededfor data detection. Language packs also contain translated versions of selected SymantecData Loss Prevention documentation.

As they become available, language packs for Symantec Data Loss Prevention are distributedalong with the software products they support. You can also download and add a languagepack to an installation. Language packs do not require any additional purchase or license.Consult the Symantec Data Loss Prevention Administration Guide for details on how to addand enable a language pack. Language packs are distributed in theSymantec_DLP_15.5_Lang_Pack-ML.zip file on the Symantec FileConnect website. Whenyou extract the contents of the ZIP file, the individual language pack files have names in theform:

Symantec_DLP_15.5_Lang_Pack_<language>.zip

Table 2-11 lists available language packs.

35System requirements and recommendationsAvailable language packs

Table 2-11 Language packs and corresponding locale codes

Locale codeLanguage

PT_BRBrazilian Portuguese

ZH_CNChinese (Simplified)

ZH_TWChinese (Traditional)

FR_FRFrench

DE_DEGerman

IT_ITItalian

JA_JPJapanese

KO_KRKorean

ES_MXMexican Spanish

RU_RURussian

Note: Not all language packs are available when a product is first released.

Oracle database requirementsSymantec Data Loss Prevention supports the following Oracle databases:

■ Oracle 12c Enterprise EditionOracle 12.1.0.2 and 12.2.0.1 are tested with the Symantec Data Loss Prevention schema.You must obtain software and support from Oracle. For implementation details, see theSymantec Data Loss Prevention Oracle 12c Enterprise Implementation Guide, availablehere:http://www.symantec.com/docs/DOC9260

■ Oracle 12c Standard Edition 2 Release 2 (12c SE2 R2) (12.2.0.1)Symantec provides Oracle 12.2.0.1 Standard Edition with Symantec Data Loss Prevention.See the Symantec Data Loss Prevention Oracle 12c Standard Edition 2 Release 2Installation and Upgrade Guide to install Oracle, available here:http://www.symantec.com/docs/DOC10713

The Symantec Data Loss Prevention database schema is supported on all editions of Oracle.

36System requirements and recommendationsOracle database requirements



Symantec Data Loss Prevention requires the Oracle database to use the AL32UTF8 characterset. If your database is configured for a different character set, the installer notifies you andcancels the installation.

You can install Oracle on a dedicated server (a three-tier deployment) or on the same computeras the Enforce Server (a two-tier or single-tier deployment):

■ Three-tier deployment.System requirements for a dedicated Oracle server are listed below. Note that dedicatedOracle server deployments also require that you install the Oracle 12c Client on the EnforceServer computer to communicate with the remote Oracle 12c SE2 instance.

■ Single- and two-tier deployments.When installed on the Enforce Server computer, the Oracle system requirements are thesame as those of the Enforce Server.See “Single-tier installation minimum hardware requirements” on page 14.See “Very small installation minimum hardware requirements” on page 15.

If you install Oracle on a dedicated server, that computer must meet the following minimumsystem requirements for Symantec Data Loss Prevention:

■ One of the following operating systems:

■ Microsoft Windows Server 2008 R2 Standard or Enterprise (64-bit)

■ Microsoft Windows Server 2008 R2 SP1 Standard or Enterprise (64-bit)

■ Microsoft Windows Server 2012 R2 Standard, Enterprise, or Datacenter (64-bit)

■ Microsoft Windows Server 2016 Standard or Datacenter (64-bit)

■ Red Hat Enterprise Linux 6.9 (64-bit)

■ Red Hat Enterprise Linux 7.3 through 7.5 (64-bit)

■ Oracle Linux 7.3 or Oracle Linux 7.3 with RHCK (Red Hat compatible kernel)

■ 8-32 GB of RAM

■ 8-16 GB of swap space (equal to RAM up to 16 GB)

■ 500 GB – 1 TB of disk space for the Enforce database

On a Linux system, if the Oracle database is on the same computer as the Enforce Server,then the /opt file system must have at least 500 GB of free space for small or mediuminstallations. 1 TB of free space is required for large installations. If Oracle is installed on adifferent computer from the Enforce Server, then the /opt file system must have at least 10GB of free space, and the /boot file system must have at least 100 MB of free space.

The exact amount of disk space that is required for the Enforce Server database depends onvariables such as:

■ The number of policies you plan to initially deploy

37System requirements and recommendationsOracle database requirements

■ The number of policies you plan to add over time

■ The number and size of attachments you want to store (if you decide to store attachmentswith related incidents)

■ The length of time you intend to store incidents

See the Symantec Data Loss Prevention Administration Guide for more information aboutdeveloping policies.

See the Symantec Data Loss Prevention Oracle Installation and Upgrade Guide for moreOracle installation information.

Browser requirements for accessing the EnforceServer administration console

You can access the Enforce Server administration console using any of the following browsers:

■ Microsoft Internet Explorer 10 or 11

■ Mozilla Firefox 58 through 62, and Firefox Enterprise (ESR) 60.

You must be using Adobe Flash Player, minimally version 27, to view the Folder Risk Reportfor Network Discover/Cloud Storage Discover (Incidents > Discover > Folder Risk Report).

Deploying Data Loss Prevention on public cloudinfrastructures

Symantec supports deployment of Data Loss Prevention servers on Amazon Web Services(AWS), Microsoft Azure, and Oracle Cloud public clouds.

Deploying Symantec Data Loss Prevention on AmazonWeb Servicesinfrastructure

Table 2-12 lists the servers and operating systems that are supported for deployment of DataLoss Prevention on AWS.

38System requirements and recommendationsBrowser requirements for accessing the Enforce Server administration console

Table 2-12 Deploying Symantec Data Loss Prevention 12.5 - 15.5 on AWS

Operating systemsData Loss Prevention servers

Microsoft Windows Server 2012 R2 with patch

Microsoft Windows Server 2016

Red Hat Enterprise Linux 6.8, 6.9, and 6.10

Red Hat Enterprise Linux 7.3 through 7.5

Note: The RHEL 6.x and 7.x AWSAMI distributionsrequire an additional package. See the referencebelow.

Enforce Server with Oracle database on the samecomputer (two-tier deployments)

Oracle database with Amazon RDS (three-tierdeployments)

Cloud Prevent for Email

Network Prevent for Web

Network Prevent for Email

Endpoint Prevent

Network Discover/Cloud Storage Discover

For more information, see Deploying the Symantec Data Loss Prevention on Amazon WebServices (AWS) Infrastructure at http://www.symantec.com/docs/DOC9520.

Deploying Symantec Data Loss Prevention on Microsoft AzureTable 2-13 lists the servers and operating systems that are supported for deployment of DataLoss Prevention on Microsoft Azure.

Table 2-13 Deploying Symantec Data Loss Prevention on Microsoft Azure

Operating systemsData Loss Prevention servers

Windows Server 2012 R2 with patch

Windows Server 2016

Red Hat Enterprise Linux 6.8 and 6.9

Red Hat Enterprise Linux 7.3 and 7.4

Enforce Server with Oracle database

Cloud Prevent for Email

Network Prevent for Web


Endpoint Prevent

Network Discover/Cloud Storage Discover

Symantec supports SIR (Symantec Image Recognition) including OCR and Form Recognitionwith Cloud Prevent for Email on Azure.

Symantec supports the use of the Azure load balancer to balance the endpoint clientconnections to the Endpoint Server.

Deploying Symantec Data Loss Prevention on Oracle CloudSymantec Data Loss Prevention is supported in the following environments:

39System requirements and recommendationsDeploying Data Loss Prevention on public cloud infrastructures


■ Oracle Cloud IaaS

■ Oracle Bare Metal Cloud with managed Virtual Machine (VM) instances

Table 2-14 lists the servers and operating systems that are supported for deployment of DataLoss Prevention on Oracle Cloud Infrastructure as a Service.

Table 2-14 Deploying Symantec Data Loss Prevention on Oracle Cloud Infrastructure as aService

Operating systems and configurationData Loss Prevention servers

Oracle Linux 7.3 with RHCK (Red Hat compatiblekernel) is required.

Enforce Server with Oracle database on the samecomputer (two-tier deployments)


Endpoint Prevent

Network Discover

Note: Three-tier Symantec Data Loss Prevention deployments are not supported on Oracle.

Virtual server supportSymantec supports running Symantec Data Loss Prevention servers on VMware ESXi 6.xand Windows Hyper-V virtualization products, provided that the virtualization environment isrunning a supported operating system.

Note: Symantec Data Loss Prevention Virtual Appliances are supported in a virtualizationenvironment on VMware ESXi 5.5.0 Update 2 and VMware ESXi 6.5.

See “Operating system requirements for servers” on page 21.

At a minimum, ensure that each virtual server environment matches the system requirementsfor servers described in this document.

See “Minimum system requirements for Symantec Data Loss Prevention servers” on page 14.

Consider the following support information when configuring a virtual server environment:

■ Endpoint Prevent servers are supported only for configurations that do not exceed therecommended number of connected agents.

■ Symantec does not support running the Oracle database server on VMware ESXi 5.x,VMware ESXi 5.x, and VMware ESX 6.x virtual hardware. If you deploy the Enforce Serverto a virtual machine, you must install the Oracle database using physical server hardware.

40System requirements and recommendationsVirtual server support

■ Symantec supports running the Enforce Server and Oracle database server in a WindowsHyper-V environment.

■ Symantec does not support Single Server installations on virtual machines.

A variety of factors influence virtual machine performance, including the number of CPUs, theamount of dedicated RAM, and the resource reservations for CPU cycles and RAM. Thevirtualization overhead and guest operating system overhead can lead to a performancedegradation in throughput for large datasets compared to a system running on physicalhardware. Use your own test results as a basis for sizing deployments to virtual machines.

See the Symantec Data Loss Prevention Network Monitor and Prevent Performance SizingGuidelines, available at the Symantec Support Center athttp://www.symantec.com/docs/DOC8253, for additional information about running NetworkPrevent servers on virtual machines.

Virtual desktop and virtual application support withEndpoint Prevent

You can deploy the DLP Agent on Citrix and VMware virtual machines to monitor virtualdesktops and prevent remote users from copying sensitive data that is accessible through avirtual desktop.

Citrix virtualization supportThe DLP agent is supported to run on the following Citrix XenDesktop virtual workstations andCitrix XenApp server configurations:

■ Citrix XenApp

■ Citrix XenApp 6.5 on Windows Server 2008 Enterprise Edition R2 (64-bit)

■ Citrix XenApp 7.6 onWindows Server 2008 Enterprise Edition R2 (64-bit) andWindowsServer 2012 R2 Standard Edition






41System requirements and recommendationsVirtual desktop and virtual application support with Endpoint Prevent


■ Citrix XenApp 7.15 on Windows Server 2016 Standard Edition

■ Citrix XenApp 7.15 Long Term Service Release (LTSR), Update 2 on Windows Server2016 Standard Edition




Note: Files saved from Microsoft Office (using Save As) to client drives hosted on CitrixXenApp 7.13 through 7.18 are not monitored. However, if you are running Citrix XenApp7.13 or later with version 7.12 Virtual Delivery Agent (VDA), files saved to client drives(using Save As) are monitored. You can find steps on enabling monitoring for thesesave operations at the following Symantec Support Center article:



■ Citrix XenDesktop

■ Citrix XenDesktop 7.6 on Windows 7 SP1 (32-bit or 64-bit)

■ Citrix XenDesktop 7.9 on Windows 7 SP1 (32-bit or 64-bit), Windows 8.0, 8.1, andWindows 10 (64-bit)

■ Citrix XenDesktop 7.12 on Windows 7 SP1 (32-bit or 64-bit) and Windows 10 (64-bit)



■ Citrix XenDesktop 7.15 on Windows 7 SP1 (64-bit) and Windows 10 RS2 (64-bit)

■ Citrix XenDesktop 7.15 Long Term Service Release (LTSR), Update 2 on Windows 7SP1 (64-bit) and Windows 10 RS4 (version 1803) (64-bit)

■ Citrix XenDesktop 7.16 on Windows 10 RS2 (64-bit)

■ Citrix XenDesktop 7.17 on Windows 10 RS3 (version 1703) (64-bit)


42System requirements and recommendationsVirtual desktop and virtual application support with Endpoint Prevent


Note: Files saved from Microsoft Office (using Save As) to client drives hosted on CitrixXenDesktop 7.13 through 7.18 are not monitored. However, if you are running CitrixXenDesktop 7.13 or later with version 7.12 Virtual Delivery Agent (VDA), files saved toclient drives (using Save As) are monitored. You can find steps on enabling monitoringfor these save operations at the following Symantec Support Center article:



VMware virtualization supportSymantec supports running the Symantec DLP Agent software on virtual workstations usingone of the following:

■ VMware Workstation 6.5.x

Note: VMware Workstation 6.5.x is deprecated in Symantec Data Loss Prevention 15.0.

■ VMware View 4.6

■ VMware Horizon View 6.0.1 and 6.2.1

■ VMware Horizon View 7.1, 7.3.1, 7.4, 7.6, 7.9, and 7.10

■ VMware Fusion 7 (macOS)

■ Hyper-V and Hyper-V (WS 2012 R2)

Supported operating systems for the EMDI, EDM, andIDM Remote Indexers

You can install the Remote EMDI Indexer, the Remote EDM Indexer, and the Remote IDMIndexer on the following Windows operating systems:

■ Windows 7 (32-bit) Enterprise, Professional, Ultimate editions

■ Windows 7 (32-bit) (SP1) Enterprise, Professional, Ultimate editions

■ Windows 7 (64-bit) Enterprise, Professional, Ultimate editions

■ Windows 7 (64-bit) (SP1) Enterprise, Professional, Ultimate editions

■ Windows 8.1 (64-bit) Enterprise, Professional

■ Windows 8.1 Update 1 (64-bit) Enterprise, Professional


43System requirements and recommendationsSupported operating systems for the EMDI, EDM, and IDM Remote Indexers



■ Windows 10 Update [1511] (64-bit] Enterprise, Professional

■ Windows 10 Red Stone Update [1607 - RS1] (64-bit] Enterprise, Professional

■ Microsoft Windows 10 Creators Update (RS2 v1703)



Third-party software requirements andrecommendations

Symantec Data Loss Prevention requires certain third-party software. Other third-party softwareis recommended. See:

■ Table 2-15 for required software

■ Table 2-16 for required Linux RPMs

■ Table 2-17 for recommended software

Table 2-15 Required third-party software

DescriptionRequired forSoftware

Adobe Reader is required for readingthe Symantec Data Loss Preventiondocumentation.

Download from Adobe.

All systemsAdobe Reader

Required to support the reportingsystem.

The correct version of Tomcat isautomatically installed on the EnforceServer by the Symantec DLP InstallationWizard and does not need to beobtained or installed separately.

Enforce ServerApache Tomcat version 9

The Symantec DLP Installation Wizardautomatically installs the correct JREversion.

All serversJava Runtime Environment (JRE)1.8.0_181

Required SDK for Folder Risk Reporting.Network Discover/Cloud StorageDiscover Server

Flex SDK 4.6

44System requirements and recommendationsThird-party software requirements and recommendations

http://www.adobe.com

Table 2-15 Required third-party software (continued)

DescriptionRequired forSoftware

Provides high-speed monitoring.

Symantec supports

■ Multiple capture ports per NapatechNetwork capture card

■ NT40A01 Napatech NetworkAccelerator

■ NT40E3 and NT20E2 10 gigabitinterfaces

■ Multi-threaded packet capture■ Napatech hardware filtering■ Napatech third-generation card

drivers for Windows and RHELplatforms

■ Virtualized Data Loss PreventionNetwork Monitor with capture cardsas PCI pass-through devices in theVMware ESXi platform

Napatech cards are not supported onSingle Server installations.

Napatech NT20E2, NT4E, NT40A01,and NT40E3 high-speed packet capturecard

Napatech driver package 8.0.3(driver version 3.5.1) (WindowsServer 2012 R2 and WindowsServer 2016) and driver package8.1.0 (driver version 3.5.0) (RHEL6x/7x)

Windows packet capture library.

Download from winpcap.org.

Required for Windows-based NetworkMonitor Server. WinPcap 4.1.3 isrequired for Microsoft Windows Server2012.

Recommended for all Windows-baseddetection servers.

WinPcap 4.1.3

Endace cards are not supported onSingle Server installations.

Download from Endace.

See “Medium installation minimumhardware requirements” on page 18.

Detection servers equipped with anEndace network measurement card.

Endace card driver 5.3.1

Virtualization software.

Download from VMware.

Required to run supported componentsin a virtualized environment.

See “Virtual server support” on page 40.

VMware

Provides directory services for Windowsdomain networks.

Required versions for connecting toActive Directory.

Microsoft Active Directory 2003,2008 R2, 2012, 2012 R2, or 2016


http://www.winpcap.org/install/default.htm

http://www.endace.com

https://www.vmware.com/download/vi

In addition to the Linux Minimal Installation, Linux-based Symantec Data Loss Preventionservers require the Red Hat Package Managers (RPM) listed in Table 2-16.

Table 2-16 Required Linux RPMs

Required RPMsLinux-based servers

aprapr-utilbinutilsexpatlibicuXorg-x11*

*Required only for graphical installation.Console-mode installation does not require an Xserver.

Enforce Server

Oracle server

aprapr-utilexpatlibicuXorg-X11*

*Required only for graphical installation.Console-mode installation does not require an Xserver.

Network Monitor Server

Red Hat Enterprise Linux version 6 has these additional dependencies:

■ Desktop Platform Development group package (yum groupinstall "Desktop Platform

Development")

■ compat-openldap

■ compat-expat1

■ compat-db43

■ openssl098e

Red Hat Enterprise Linux version 7 has these additional 64-bit only package dependencies:

■ Server with GUI group package (yum groupinstall "Server with GUI")

■ Dev Tools group package (yum groupinstall "Development Tools")

■ compat-openldap

■ compat-db

■ libpng


■ compat-libtiff3

■ gtk+-devel

■ gtk2-devel

■ gstreamer

■ libstdc++.so.5

■ libX11

■ libXext

■ libXi

■ libXrender

■ libXtst

■ wget

■ unzip

Note: SeLinux must be disabled on all Linux-based servers.

Symantec recommends the third-party software listed in Table 2-17 for help with configuringand troubleshooting your Symantec Data Loss Prevention deployment.

Table 2-17 Recommended third-party software

DescriptionLocationSoftware

Use Wireshark (formerly Ethereal) to verify thatthe detection server NIC receives the correct trafficfrom the SPAN port or tap. You can also useWireshark to diagnose network problems betweenother servers.

Download the latest version from Wireshark.

Any server computerWireshark

Use in combination with Wireshark to verify thatthe detection server Endace NIC receives thecorrect traffic from the SPAN port or tap. Dagsnapis included with Endace cards, and is not requiredwith non-Endace cards.

Network Monitor Server computers thatuse Endace cards

dagsnap

Troubleshooting utilities. Recommended fordiagnosing problems on Windows servercomputers.

Download the latest version from Microsoft.

Any Windows server computerSysinternals Suite


http://www.wireshark.org

http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

Table 2-17 Recommended third-party software (continued)

DescriptionLocationSoftware

An LDAP browser is recommended for configuringor troubleshooting Active Directory or LDAP.

Enforce ServerLDAP browser


Product compatibility


■ Environment compatibility and requirements for Network Prevent for Email

■ Proxy server compatibility with Network Prevent for Web

■ SSL monitoring with Network Monitor

■ Secure ICAP support for Network Prevent for Web using the stunnel service

■ High-speed packet capture cards

■ Veritas Data Insight compatibility with Symantec Data Loss Prevention

■ Integrations with other Symantec products

■ Network Discover/Cloud Storage Discover compatibility

■ Endpoint Prevent supported applications

Environment compatibility and requirements forNetwork Prevent for Email

The Network Prevent for Email Server is compatible with a wide range of enterprise-gradethird-party SMTP-compliant MTAs and hosted email services. Consult your MTA vendor orhosted email service for specific support questions.

Network Prevent for Email Server can integrate with an MTA or hosted email service thatmeets the following requirements:

■ The MTA or hosted email service must be capable of strict SMTP compliance. It must beable to send and receive mail using only the following command verbs: HELO (or EHLO),RCPT TO, MAIL FROM, QUIT, NOOP, and DATA.

3Chapter

■ When running the Network Prevent for Email Server in reflecting mode, the upstream MTAmust be able to route messages to the Network Prevent for Email Server only once foreach message.

You can use an SMTP-compliant MTA that routes outbound messages from your internal mailinfrastructure to the Network Prevent for Email Server. For reflecting mode compatibility, theMTA must also be able to route messages that are returned from the Network Prevent forEmail Server out to their intended recipients.

Network Prevent for Email Server attempts to initiate a TLS connection with a downstreamMTA only when the upstream MTA issues the STARTTLS command. The TLS connectionsucceeds only if the downstream MTA or hosted email service supports TLS. It must alsoauthenticate itself to the Network Prevent for Email Server. Successful authentication requiresthat the appropriate keys and X509 certificates are available for each mail server in the proxiedmessage chain.

See the Symantec Data Loss Prevention MTA Integration Guide for Network Prevent for Emailfor information about configuring TLS support for Network Prevent for Email servers operatingin forwarding mode or reflecting mode.

Proxy server compatibility with Network Prevent forWeb

Network Prevent for Web Servers use a standard Internet Content Adaptation Protocol (ICAP)interface and support many proxy servers. Table 3-1 indicates the servers and the protocols.

Symantec Data Loss Prevention also supports secure ICAP (SICAP).You can set up secureICAP with Blue Coat ProxySG through the Enforce Server administration console. You canset up other proxies with secure ICAP using stunnel. Use of stunnel for secure ICAP isdeprecated in Symantec Data Loss Prevention version 15.1 and will be removed in a subsequentrelease. See “Secure ICAP support for Network Prevent for Web using the stunnel service”on page 51.

Table 3-1 Network Prevent for Web supported proxy servers

Configuration informationSupported protocolsProxy

Blue Coat product documentationICAP, SICAP, HTTP, HTTPS,or FTP proxy

Blue Coat ProxySG versions 6.6.x and6.7 for Network Prevent for Web

Cisco IronPort product documentation

9.1.x and 10.5.x support Secure ICAP

10.1.x does not support SICAP

ICAP, HTTP, HTTPSCisco IronPort S-Series versions 9.1.x,10.1.x, and 10.5.x

50Product compatibilityProxy server compatibility with Network Prevent for Web

Table 3-1 Network Prevent for Web supported proxy servers (continued)

Configuration informationSupported protocolsProxy

See the "Using the F5 Proxy with SymantecData Loss Prevention Network Prevent forWeb" at the Symantec Support Center at


for information on integrating the F5 BIG-IPSystem with Network Prevent for Web as anICAP client-server solution.

ICAP, HTTP, HTTPSF5 BIG-IP System version 12.0.x,13.1.0.8, 14.1.0

FortiGate-VM product documentationICAP, HTTP, HTTPSFortinet FortiGate-VM 5.6.x and 6.2.x

Secure Web documentation (particularly thechapter that describes setting up Secure Webwith a DLP Solution)

ICAP, SICAP, HTTP, HTTPS,or FTP proxy

McAfee Web Gateway (formerlySecure Computing Secure WebWebwasher) version 7.7.x, 7.8.2

See the Symantec Data Loss PreventionIntegration Guide for Squid Web Proxy

ICAP, HTTP, HTTPSSquid Web Proxy versions 3.5.x

Does not support redaction.

Only supports "Block HTTP/HTTPS".

RESPMOD is not supported.

Websense blocks the traffic only when the sizeof the Symantec Data Loss Prevention rejectionmessage (in the response rule) is larger than512 bytes. If the rejection message is less than512 bytes, an incident is generated but thenetwork traffic is not blocked.

ICAP, HTTP, HTTPS, FTPWebsense Appliance V5000 andV10000, withWebsenseWeb Securityversion 8.4

SSL monitoring with Network MonitorSymantec has certified Network Monitor to monitor Blue Coat SSL Visibility Appliance.

For details, see the article TECH231642 at the Symantec Support Center.

Secure ICAP support for Network Prevent for Webusing the stunnel service

Support for stunnel is deprecated in version 15.1 and will be removed in a subsequent release.

51Product compatibilitySSL monitoring with Network Monitor



Beginning with Symantec Data Loss Prevention 15.1, you can reconfigure your system to useintegrated Secure ICAP for Network Prevent for Web instead of stunnel. See the SymantecData Loss Prevention Administration Guide or online Help for configuration details.

High-speed packet capture cardsThis topic describes the high-speed packed capture cards that are supported for NetworkMonitor.

Table 3-2 Supported high-speed packet capture cards

Driver versionVersionCard

5.7.1DAG 7.5 G2/G4 (PCI-E)

DAG 10X2

Note: Endace cards for use with Data LossPrevention are supported on Linux 64-bit systemsonly. Endace cards are not supported on SingleServer installations.

Endace

Driver package 8.0.3 (driver version 3.5.1)for Windows

Driver package 8.1.0 (driver version 3.5.0)for Linux

Symantec supports the following

■ Multiple capture ports per NapatechNetwork capture card

■ NT40A01NapatechNetwork Accelerator■ Multi-threaded packet capture■ Napatech hardware filtering■ Napatech third-generation card drivers

for Windows and RHEL platforms■ 10 gigabit adapters■ Virtualized Data Loss Prevention

Network Monitor with capture cards asPCI pass-through devices in the VMwareESXi platform

NT20E2, NT20E3, NT4E, NT40A01, and NT40E3Napatech

52Product compatibilityHigh-speed packet capture cards

VeritasData Insight compatibilitywithSymantecDataLoss Prevention

Veritas Data Insight is a separately licensed option to Symantec Data Loss Prevention thathelps organizations solve the problem of identifying data owners and responsible parties forinformation due to incomplete or inaccurate metadata or tracking information. Data Insightprovides a connection from the Enforce Server to a Data Insight Management Server.

Table 3-3 Supported versions of Veritas Data Insight and Symantec Data Loss Prevention

DLP version15.5

DLP version15.1

DLP version15.0

DLP version14.6

DLP version14.5

DLP version14.0

DataInsightversion

NoNoNoNoNoNo2.0 - 4.5.1

NoNoNoNoNoYes4.5.2, 4.5.3

NoNoNoNoYesYes5.0

NoNoNoNoYesYes5.1

YesYesYesYesNoNo5.1.1

YesYesYesYesNoNo5.2

YesYesYesYes, onversion 14.6MP1

NoNo6.0

YesYesYesYes, onversion 14.6MP2

NoNo6.1

YesYesYes, on version15.0 MP1

NoNoNo6.1.1

YesYesNoNoNoNo6.1.2

YesYes, on version15.1 MP1

NoNoNoNo6.1.3

YesNoNoNoNoNo6.1.4

53Product compatibilityVeritas Data Insight compatibility with Symantec Data Loss Prevention

Integrations with other Symantec productsThis section describes compatibility of various integrations of Symantec Data Loss Preventionwith other Symantec products.

Table 3-4 Symantec product compatibility with Symantec Data Loss Prevention

DLPversion15.5

DLPversion15.1

DLPversion15.0

DLPversion14.6

DLPversion14.5

DLPversion14.0

NoteVersionSymantecproduct

NoNoNoNoNoNo2.63Symantec PGPUniversalGateway Email YesYesYesNoYesYes3.3.x

NoNoNoNoNoNo7.5SymantecMessagingGateway (SMG)

8200 and 8300Series

NoNoNoNoNoNo8.0

NoNoYesNoYesYes10.0.1.2

NoNoYesNoYesYes10.0.2

NoNoYesNoYesYes10.5.0-8

NoNoNoNoYesYes10.5.3

YesYesYesYes10.6.x

NoNoNoNoYesYes5.0,5.0.2.8

Symantec WebGateway (SWG)

YesYesYesYesYesNo5.2.7

54Product compatibilityIntegrations with other Symantec products

Table 3-4 Symantec product compatibility with Symantec Data Loss Prevention (continued)

DLPversion15.5

DLPversion15.1

DLPversion15.0

DLPversion14.6

DLPversion14.5

DLPversion14.0

NoteVersionSymantecproduct

NoNoNoNoNoYesForinformationaboutconfiguringSymantecEndpointProtection foruse withNetworkDiscover/CloudStorageDiscover andNetworkMonitor, seethe SymantecData LossPrevention14.0 ReleaseNotes.

12.1,12.1RU4

SymantecEndpointProtection

NoNoNoYesYesYes12.1.5(12.1RU5)

YesYesYesYesNoNo12.1.6(12.1RU6MP6)

YesYesYesNoNoNo14.0

YesYesYesNoNoNo14.0.1and14.0.1MP1

NoNoYesYesYesYes3.3SymantecEncryptionManagementServer (DLPEncryptionInsight)

YesYesYesYesNoNo3.4

55Product compatibilityIntegrations with other Symantec products

Network Discover/Cloud Storage Discovercompatibility

Network Discover/Cloud Storage Discover locates exposed confidential data by scanning abroad range of enterprise data repositories such as: file servers, databases, MicrosoftSharePoint, Lotus Notes, Documentum, Livelink, Microsoft Exchange, and Web servers.

See “Supported file system targets” on page 56.

See “Supported IBM (Lotus) Notes targets” on page 57.

See “Supported SQL database targets” on page 57.

See “Supported SharePoint server targets” on page 57.

See “Supported Exchange Server targets” on page 58.

See “Supported file system scanner targets” on page 58.

See “Supported Documentum (scanner) targets” on page 59.

See “Supported OpenText (Livelink) scanner targets” on page 59.

See “Supported web server (scanner) targets” on page 59.

Supported Box cloud storage targetsThe Box target supports scanning of files and folders in enterprise Box cloud storage accounts.

Supported file system targetsThe File System target supports scanning of the following network file systems.

Supported file servers:

■ CIFS Servers only

Supported file shares:

■ CIFS:

■ Windows Server 2008 R2 (SMB 1.0 and 2.0 supported on Windows and Linux NetworkDiscover/Cloud Storage Discover servers)

■ Windows Server 2012 R2 (SMB 1.0 and 2.0 supported on Windows and Linux NetworkDiscover/Cloud Storage Discover servers)

■ Windows Server 2016 (SMB 1.0 and 2.0 supported on Windows and Linux NetworkDiscover/Cloud Storage Discover servers)

■ NFS on Red Hat Enterprise Linux 6.x, and 7.x

■ DFS scanning on Windows 2008 R2, 2012 R2, and 2016.

56Product compatibilityNetwork Discover/Cloud Storage Discover compatibility

Note: DFS is not supported with Network Protect.

In addition, the File System target supports scanning of the following file types:

■ Microsoft Outlook Personal Folders (.pst files) created with Outlook 2010, 2013, and 2016.The Network Discover/Cloud Storage Discover Server scanning this target must be runninga Windows operating system, and Outlook 2007 or later must be installed on that system.

■ File systems on UNIX systems, even if they are not exposed as CIFS or NFS shares.Use the SFTP protocol to provide a method similar to the scans of file shares.You can also scan the local file system on a Linux Network Discover/Cloud Storage DiscoverServer by listing the path name in the content root. For example, you can enter/home/myfiles.

Supported IBM (Lotus) Notes targetsThe IBM Notes (formerly known as Lotus Notes) target supports scanning of the followingversions:

■ Lotus Notes 8.5.x

■ IBM Notes 9.0.x

The files Notes.jar and NCSO.jar are in the Lotus Notes client installation directory. Themanifest version number of these files depend on the Domino server version.

■ Version 8 has a manifest version in the JAR file of 1.5.0

■ Version 9 has a manifest version in the JAR file of 1.6.0

Supported SQL database targetsThe following SQL Databases were tested with Network Discover/Cloud Storage DiscoverTarget scans:

■ Oracle 11g (11.2.x), 12c (12.1.x), and 18c (12.2.x) (the vendor_name is oracle)

■ SQL Server 2014 and 2016 (the vendor_name is sqlserver)

■ DB2 10.5 (the vendor_name is db2)

Contact Symantec Data Loss Prevention support for information about scanning any otherSQL databases.

Supported SharePoint server targetsThe following SharePoint server targets are supported:


■ Microsoft Office SharePoint Server 2010 SP2

■ Microsoft Office SharePoint Server 2013 SP1

■ Microsoft Office SharePoint Server 2016

■ Microsoft Office SharePoint Server 2019Consider the following known issues when implementing the SharePoint Server 2019 servertarget:

■ Symantec Data Loss Prevention cannot scan a SharePoint Server 2019 target if anyfolder name or file name on the SharePoint site contains the percentage sign (%) orthe number sign (#).

■ Symantec Data Loss Prevention cannot quarantine files for SharePoint Server 2019.

■ You must install the Symantec SharePoint solution to scan SharePoint Server 2019targets.

Supported Exchange Server targetsSymantec Data Loss Prevention supports the following Exchange Server targets:

■ Microsoft Exchange Server 2010 SP3

■ Microsoft Exchange Server 2013

■ Microsoft Exchange Server 2013 SP1

■ Microsoft Exchange Server 2016 (on-premises)

To use the ExchangeWeb Services connector, ExchangeWeb Services and the AutodiscoverService must be enabled on your Exchange server and are accessible to the NetworkDiscover/Cloud Storage Discover server.

You can scan the data objects that are stored within Public Folders, such as:

■ Email messages

■ Message attachments

■ Microsoft Word documents

■ Excel spreadsheets

The Exchange scan also targets mail stored in Exchange 2013 and 2016 Personal Archives.

Supported file system scanner targetsThe following remote Windows systems can be scanned:

■ Windows Server 2008 R2


■ Windows Server 2012 R2

■ Windows Server 2016

The following Linux file systems can be scanned:

■ Red Hat Enterprise Linux 6.x

■ Red Hat Enterprise Linux 7.4

The following AIX file systems can be scanned:

■ AIX 7.1

AIX requires the following C run time libraries, as well as Java 1.8 and Java 8 JRE:

■ xlC.aix50.rte (v8.0.0.0+)

■ xlC.rte (v8.0.0.0+)

The following 32-bit Solaris file systems can be scanned (64-bit systems are not supported):

■ Solaris 10 (SPARC platform)

Solaris requires the following patch levels for the scanner:

■ Solaris 9, 115697-01

File systems on UNIX systems can also be scanned using the SFTP protocol. This protocolprovides a method similar to share-based file scanning, instead of using the File SystemScanner. Contact Symantec Professional Services for details.

Supported Documentum (scanner) targetsThe Documentum scanner supports scanning a Documentum Content Server 5.3.x or 6.6.x,and 6.7 repository. All versions are deprecated in Symantec Data Loss Prevention 15.5.Documentum scanners will be removed in the next release of Symantec Data Loss Prevention.

Supported OpenText (Livelink) scanner targetsThe Livelink scanner supports scanning of OpenText (Livelink) Server 9.x targets. This versionis deprecated in Symantec Data Loss Prevention 15.5. Livelink scanners will be removed inthe next release of Symantec Data Loss Prevention.

Supported web server (scanner) targetsThe web server scanner supports scanning of a static HTTP web site.


Endpoint Prevent supported applicationsTable 3-5 describes individual applications that can be monitored using Endpoint Prevent onWindows; Table 3-6 describes browsers that can be monitored using Endpoint Prevent onmacOS.

Endpoint Prevent enables you to add monitoring support for other third-party applications notlisted in the following tables. An example of a third-party application is Thunderbird. You addmonitoring support for an application on the Enforce Server administration console. Alwaystest monitoring support for applications before you enable monitoring on a large number ofendpoints. Individual applications may need additional filtering settings to maintain acceptableperformance. See the Symantec Data Loss Prevention System Administration Guide for moreinformation about configuring and using application monitoring.

Note: Table 3-5 and Table 3-6 assume that you have installed the latest DLP hot fix fromSymantec.

Applications supported by Endpoint Prevent on WindowsTable 3-5 describes individual applications that can be monitored using Endpoint Prevent onWindows.

Table 3-5 Applications supported on Windows

DLP 15.5DLP 15.1DLP 15.0DLP 14.6DLP 14.5DLP 14.0VersionsSoftwareFeature

YesYesYesYesYesYesAllAllbrowsers

HTTP

60Product compatibilityEndpoint Prevent supported applications

Table 3-5 Applications supported on Windows (continued)


NoNoNoNoNoNo6.0InternetExplorer

SecureHTTP(HTTPS) NoNoNoNoNoNo7.0

NoNoNoNoNoNo8.0

NoNoYes(WindowsServer2008 R2)

YesYesYes9.0

YesYesYes(WindowsServer2008 R2)

YesYesYes10.0

YesYesYesYesYes(Windows7, 8.1Enterprise,10Enterprise,andWindowsServer2012 R2,Desktopmode onlyand EPMdisabled)

Yes(Windows7, 8.1Enterprise,10Enterprise,andWindowsServer2012 R2,Desktopmode onlyand EPMdisabled)

11.0

NoDeprecatedNoNoRS1Edge




Yes

No (onWindows10 CreatorsUpdate[versions1703 and1709]. Thetable belowprovidesdetails onenablingEdgemonitoringfor thisscenario.)

Yes

No (onWindows10 CreatorsUpdate[versions1703 and1709]. Thetable belowprovidesdetails onenablingEdgemonitoringfor thisscenario.)

YesYesNoNoNoNoRS2Edge,continued

YesYesNoNoNoNoRS3 andRS4

NoNoNoNoNoNo2.0 - 5.0Firefox

YesYesYesYes(38-44),includingFirefox64-bit,which wasintroducedin Firefox43.

YesYes (35through46.0.1 andthrough47.0 onDLP Agentversion14.0.2)

23 through46.0.1

YesYesYesYesNoNo51-54


YesYesYesNoNoNo62

YesYes, onversion15.1 MP1

NoNoNoNo63




Firefox,continued

YesNoNoNoNoNo64, 65


Yes, onversion15.0 MP1


NoNo66



NoYes, onversion14.6 MP3

NoNo67




NoNo68



NoNoNoNo69

YesYesNoNoNoNo70



NoNoNoNo71

YesYesYes38-44,51-57

58 and 59on DLPAgentversion14.6 MP1

Yes(Windows10 supportbegins with51)

55 on DLPAgentversion14.5 MP1

Yes (51and 52supportedonWindows10 withDLP Agentversion14.0.2)

38 through59

GoogleChrome

YesYesYesYesNoNo60 through69


NoNoNoNo70, 71




Yes, withHotfix15.5.0001.

See ALERT2641 fordetailsabout thehot fix.

Yes, onversion15.1 MP1with Hotfix15.1.0107.


Yes, withHotfix15.0.0119


Yes, withHotfix14.6.0305


NoNo72, 73GoogleChrome,continued

Yes, withversion15.5 MP1

NoNoNoNoNo74

Yes, onversion15.5 MP1with Hotfix15.5.0107.01001


NoNoNoNo75

Yes, onversion15.5 MP1,with Hotfix15.5.0107.01001

Yes, onversion15.1 MP2with Hotfix15.1.0202.01003

NoNoNoNo76




NoNoNo77



NoNoNoNo78



NoNoNoNo79


https://support.symantec.com/en_US/article.ALERT2641.html?










YesYesYesYesYesYesN/AAIMInstantmessaging

YesYesYesYesYesYesN/AAIM Pro

YesYesYesYesYesYesN/AAIM6

YesYesYesYesYesYesN/AMicrosoftOfficeComm-unicator

YesYesYesYesYesYesN/ASkype

NoNoNoNoNoYes2007OutlookEmail

YesYesYesYesYesYes2010


YesYesYesYesYesNo2016

YesYes, on15.1 MP1

NoNoNoNo2019

NoNoNoNoNoYes2007OutlookWebAccess(rich andlight mode)


YesYesYesYesYes2013

YesYesYesYesYesNo2016

YesYesYesYesYesYesN/AOutlook.com

NoNoNoNoNoNo6.5 - 8.5LotusNotes

Yes (8.5.3)Yes (8.5.3)Yes (8.5.3)Yes (8.5.3)Yes (8.5.3)Yes8.5.xLotusNotes(IBMDomino) YesYesYesYesYesYes9.x

YesYesYesYesYesYesN/AFTP




YesYesYesYesYesYesN/ABsClipCD/DVD

YesYesYesYesYesYesN/ABsRecorderGold

YesYesYesYesYesYesN/ABurnAware

YesYesYesYesYesYesN/ACheetahBurner

YesYesYesYesYesYesN/ACommandBurner

YesYesYesYesYesYesN/ACopyToDVD

YesYesYesYesYesYesN/ACreator10

YesYesYesYesYesYesN/AGEAR forWindows

YesYesYesYesYesYesN/Amkisofs

YesYesYesYesYesYesN/ANero

YesYesYesYesYesYesN/ANero StartSmart

YesYesYesYesYesYesN/ARoxio

YesYesYesYesYesYesN/ARoxioRecordNow

YesYesYesYesYesYesN/ARoxio5

YesYesYesYesYesYesN/ARoxioMediahub

YesYesYesYesYesYesN/ASilent NightMicroBurner

YesYesYesYesYesYesN/AStar Burn




YesYesYesYesYesYes4.0.6169BoxCloudSyncApps YesYesMost

recentversionavailable

YesYes

Version31.4.x -38.4.x

Yes

Version20.4.x -38.4.x.

Yes

Version20.4.x -29.4.xsupportedon DLPAgentsversion14.6 MP1.

Yes

Version20.4.x -29.4.xsupportedon DLPAgentsversion14.5 MP1.

3.2.93.2.x,

6.4.x,

8.4.x

12.4.x,13.4.x,14.4.x,15.4.x,17.4.x,19.4.x,20.4.x -38.4.x

Dropbox

YesYesMostrecentversionavailable

YesYesYesYesYes, andOneDrivePersonalandOneDriveforBusiness17.3.6390.0509,17.3.6517.0809

Yes15.0.4675.1003 forWin 8.1(default)17.3.4726.0226 and17.3.6517.0809 forWin 7x86/x64(desktopclient)

MicrosoftOneDrive

YesYesYesYesYesYes2.4.7.1621

Hightail

YesYesYesYesYes3.35.xGoogleBackup andSync YesYesYes3.37.x




YesYes3.41.x

YesYesYesYes

Version2.34.xsupportedon DLPAgentsversion14.6 MP1.

Yes

Version2.34.xsupportedon DLPAgentsversion14.5 MP1.

Yes, 1.20.x1.20.x,1.30.x,1.32.x,2.34.x -3.37.x

GoogleDrive

YesYesYesYesYesYes4.0.3.56,4.0.5.20

AppleiCloud

YesYesYesYesYesYesAdobeReader

Misc.

YesYesYesYesYesYesAppleiTunes

YesYesYesYesYesNoMicrosoftPro 2013

Click-to-Run

YesYesYesYesYesYesN/ARoxio_Central

YesYesYesYesYesYesN/AWebExCommuni-cationsModule

Note:Version 14.6.x and 15.0 agents running onWindows 10 Creators Update (versions 1703and 1709) do not support monitoring Edge by default. You can find details on enabling Edgemonitoring for this scenario at the following Symantec Support Center article.


Microsoft Office deprecationMicrosoft Office 2007 is deprecated in Symantec Data Loss Prevention 15.0.

Applications supported by Endpoint Prevent on macOSTable 3-6 describes browsers that can be monitored using Endpoint Prevent on macOS.



Table 3-6 Applications supported by Endpoint Prevent on macOS

DLP 15.5DLP 15.1DLP 15.0DLP 14.6DLP14.5DLP14.0

SoftwareVersion

SoftwareFeature

YesNoNoYesYesYes36.0.4,ESR 31.X

FirefoxSecureHTTP(HTTPS)

YesYesYesYesNoNo38 ESR,45 ESR,45.1.1ESR,45.4.0,46.0.1ESR,49.0.2ESR

YesYesYesYesYes (onDLPAgents,version14.5MP1)

No49 and 50



YesYesYesNoNoNo62

YesYes, onversion 15.1MP1

NoNoNoNo63

YesNoNoNoNoNo64, 65

YesYes, onversion 15.1MP1



NoNo66

Yes, onversion 15.5MP1



NoNo67




NoNo68

NoNoNoNo69


Table 3-6 Applications supported by Endpoint Prevent on macOS (continued)


SoftwareVersion

SoftwareFeature

Firefox,continued



YesYesNoNoNoNo70



NoNoNoNo71

NoNoNoNoNoYes6.0.x,7.0.x., and8.0.x

Safari

NoNoYesYesYes (onmacOS10.11)

No9.1

YesYesYesYesYes (forDLPAgents,version14.5 MP1onmacOS10.11.6)

No10.0.x

YesYes (macOS10.11,10.12.1,10.12.2, and10.12.3)

Yes (onmacOS10.11.x,10.12.1,10.12.2,and10.12.3)

No (onmacOS10.12.4,10.12.5,and10.12.6)

Yes (forDLPAgents,version14.6 MP1on macOS10.11.6)

No (onmacOS10.12.4)

NoNo10.1.x

YesNoNo11




SoftwareVersion

SoftwareFeature

Yes (onmacOS10.12.4 andlater)

YesYes (onmacOS10.12.6 andlater startingon DLPAgentversion 15.1MP1)

No12

YesNoNoNoYesYes41.0.xGoogleChrome

YesYesYesYesYesNo50

YesYesYesYesYesYes (onDLPAgentversion14.0.2)

51

YesYesYesYesYesYes (onDLPAgentversion14.0.2)

52


YesYesYesYesYes 14.5MP1

55

YesYesYesYesNoNo56

YesYesYesYesNoNo57

YesYesYesYes(starting onDLP Agentversion14.6 MP1)

NoNo58




SoftwareVersion

SoftwareFeature

YesYesYesYes(starting onDLP Agentversion14.6 MP1)

NoNo59GoogleChrome,continued

YesYesYesYesNoNo60 through69

YesNoNoNoNoNo73


NoNoNoNoNo74



NoNoNoNo75

Yes, onversion 15.5MP1, withHotfix15.5.0106.01001


NoNoNoNo76




NoNoNo77



NoNoNoNo78



NoNoNoNo79

YesYesYesYesYesNo2011OutlookEmail

YesYesYesYesNoNo2016




SoftwareVersion

SoftwareFeature

YesYes, onversion 15.1MP1 withDLP AgentHotfix15.1.0106.01005,availablefromSymantecSupport.

NoNoNoNo2019Outlook,continued

YesYesYesYesYesNoN/ACisco JabberInstantMessaging

YesYesYesYesYesNoN/ASkype

Support for monitoring applications protected by System IntegrityProtection

The DLP Agent monitors applications that are protected by System Integrity Protection (SIP)on macOS 10.11, 10.12, 10.13, and 10.14. You can find the latest macOS version support atthe following Symantec Support Center article:


