15.8 what's new and changed in symantec data loss …...the new dlp agent uses a microsoft outlook...

What's New and Changed in Symantec Data Loss Prevention15.8

Last updated: February 1, 2021

What's New and Changed in Symantec Data Loss Prevention 15.8

Table of Contents

Introducing Symantec Data Loss Prevention 15.8...........................................................................4About What's New in DLP 15.8...................................................................................................................................... 4Summary of new and changed features....................................................................................................................... 4

Enhanced MIP and Data Loss Prevention integration............................................................................................... 4Endpoint features........................................................................................................................................................ 5Enforce Server and platform features........................................................................................................................ 5End User Remediation: (incident management).........................................................................................................6Discover features........................................................................................................................................................ 7Detection features....................................................................................................................................................... 7Cloud features............................................................................................................................................................. 8Language support in Data Loss Prevention............................................................................................................... 8

New and changed features in Data Loss Prevention 15.8.............................................................. 9Enhanced MIP and Data Loss Prevention integration................................................................................................. 9

Manage MIP classification and decryption credential profiles in the Enforce Server administration console and theCloud Management Portal.......................................................................................................................................... 9Import MIP tags in the Enforce Server administration console..................................................................................9Support for authoring an MIP classification-based Data Loss Prevention policy condition for the Endpoint, Network,Storage, and Cloud................................................................................................................................................... 10Enable MIP classification for Microsoft Office applications on endpoints.................................................................10DLP Agent inspection of files and emails that are encrypted by MIP...................................................................... 10DLP Agent support for using a network proxy to connect to the MIP portal............................................................ 10Enable Enforce Server and detection server support for using a network proxy to connect to the MIP portal......... 11Network and Storage support for inspecting files and emails that are encrypted by MIP........................................ 11

Endpoint features in Data Loss Prevention 15.8........................................................................................................11LiveUpdate improvements.........................................................................................................................................11Support for Microsoft OneDrive within Microsoft Office Applications....................................................................... 12Support for Box Drive............................................................................................................................................... 12Support for monitoring Microsoft Edge Chromium on Windows endpoints using extensions.................................. 12Rearchitecture of Google Chrome monitoring for endpoints....................................................................................12Rearchitecture of Mozilla Firefox monitoring for macOS endpoints......................................................................... 13Rearchitecture of Microsoft Outlook monitoring for macOS endpoints.................................................................... 13Filtering for multiple endpoints on the Agent List page............................................................................................13Allow Microsoft Outlook emails encrypted with S/MIME to be sent......................................................................... 13

Enforce Server and platform features in Data Loss Prevention 15.8....................................................................... 13Age-based filtering and incidents..............................................................................................................................13Phased migration during upgrade.............................................................................................................................14

Network Detection uptime protection.................................................................................................................14

2


Support for Red Hat Enterprise Linux 8................................................................................................................... 14Support for Windows Server 2019........................................................................................................................... 14Ability to specify usage type for User Groups..........................................................................................................15Support for Oracle 19c Enterprise and Standard Edition 2......................................................................................15Support for OpenJDK 8 Java Runtime Environment (JRE)......................................................................................15Email quarantine integration with Symantec Messaging Gateway...........................................................................15Support for installing EMDI, EDM, and IDM remote indexers on Linux systems..................................................... 15

End User Remediation in Data Loss Prevention 15.8................................................................................................15End User Remediation for decentralized incident remediation................................................................................ 15

Discover features in Data Loss Prevention 15.8........................................................................................................ 16Enhanced support for the web server scanner........................................................................................................ 16Network Discover support for Microsoft SharePoint 2019....................................................................................... 16Removal of the Veritas Data Insight license file.......................................................................................................16Rewritten Folder Risk Report page to remove Adobe Flash dependency............................................................... 16

Detection features in Data Loss Prevention 15.8.......................................................................................................16High-performance Office Open XML content extraction upgrade............................................................................ 16DICOM file metadata detection.................................................................................................................................17XMP metadata detection for a variety of formats.....................................................................................................17New and updated data identifiers in 15.8................................................................................................................ 17

Cloud features in Data Loss Prevention 15.8............................................................................................................. 22Cloud email quarantine and release integration with Email Security.cloud..............................................................22

Language support in Data Loss Prevention 15.8....................................................................................................... 23Important changes to language support in Data Loss Prevention 15.8................................................................... 23

Removed and deprecated platforms and features..................................................................................................... 24Copyright statement.......................................................................................................................... 26

3


Introducing Symantec Data Loss Prevention 15.8

About What's New in DLP 15.8What's New and What's Changed in Symantec Data Loss Prevention 15.8 describes new features and capabilities thatare associated with the release. It also highlights changes relative to previous releases, including removal of features orsupported platforms.

This guide does not contain implementation or configuration details for these new features. It provides an overviewof each new feature in Symantec Data Loss Prevention 15.8, including, where appropriate, enough detail to help youunderstand how this feature is used. It also includes deployment information to help you plan for rolling out these newfeatures to your organization.

Where possible, the guide provides pointers to further information about new and changed functionality.

Summary of new and changed features

New and changed features in Data Loss Prevention 15.8

Summary of new and changed featuresNew and changed features in Symantec Data Loss Prevention 15.8 are summarized in the following sections. Extendeddescriptions of each feature are provided later in this guide.

Enhanced MIP and Data Loss Prevention integrationThe integration between Symantec Data Loss Prevention and Microsoft Information Protection adds significant capabilitiesin Data Loss Prevention 15.8:

• On Windows endpoints, DLP Agents can read MIP-protected documents and Outlook emails; and on macOSendpoints, DLP Agents can read MIP-protected documents. This expands the ability to read encrypted content offeredpreviously by Symantec AIP Insight, where MIP-encrypted content could only be read for Data Loss Prevention forNetwork, Storage, and DLP Cloud channels.

• You can write DLP policies to look for MIP Classification labels in files and messages, for all Data Loss Preventionproduct modules (Network, Storage, DLP Cloud, and Windows Endpoint).

• You can write DLP policies with a response rule that can suggest or automatically apply MIP labels for Officedocuments on endpoints.

For more information, see the expanded discussion in Enhanced MIP and Data Loss Prevention integration later in thisguide.

4


Endpoint features

Table 1: New and changed Endpoint features

Feature Short description

LiveUpdate improvements LiveUpdate now supports macOS endpoints and allows moregranular control over the deployment of agent updates.LiveUpdate improvements

Support for Microsoft OneDrive within Microsoft Office applications Detect and protect confidential information when files are saved toMicrosoft OneDrive from Microsoft Office applications.Support for Microsoft OneDrive within Microsoft OfficeApplications

Support for Box Drive Detect and protect confidential information when files are saved toor accessed from Box Drive.Support for Box Drive

Support for monitoring Microsoft Edge Chromium on Windowsendpoints using extensions

The new DLP Agent uses browser extensions to monitor MicrosoftEdge Chromium on Windows endpoints.

Rearchitecture of Google Chrome and Firefox browser extensionsnow supports older macOS versions

Rearchitecture of Google Chrome and Firefox browser extensionsnow supports macOS versions 10.14 and 10.15. DLP 15.7 MP2rearchitected browser extensions supported macOS 11 only.

Rearchitecture of Google Chrome monitoring for endpoints The new DLP Agent uses browser extensions to monitor GoogleChrome on Windows endpoints.Rearchitecture of Google Chrome monitoring for endpoints

Rearchitecture of Mozilla Firefox monitoring for endpoints The new DLP Agent uses browser extensions to monitor MozillaFirefox on macOS endpoints.Rearchitecture of Mozilla Firefox monitoring for macOS endpoints

Rearchitecture of Microsoft Outlook monitoring for macOSendpoints

The new DLP Agent uses a Microsoft Outlook add-in for macOSendpoints to monitor emails and calendar events that are createdand sent using Microsoft Outlook and Outlook Web Access. Thissupport is also available with a DLP 15.5 hot fix and in DLP 15.7MP2. Health monitoring events for Microsoft Outlook are added forDLP 15.8.Rearchitecture of Microsoft Outlook monitoring for macOSendpoints

Filtering for multiple endpoints on the Agent List page On the Agent List page of the Enforce Server administrationconsole, you can filter for more than one endpoint using thesearch box in the Machine column.Filtering for multiple endpoints on the Agent List page

Allow Microsoft Outlook emails encrypted with S/MIME to be sent Configure DLP Agents to disregard outgoing emails in MicrosoftOutlook that have the Encrypt with S/MIME option enabled sothat the DLP Agent no longer blocks the email from being sent.This feature is not available for macOS endpoints.Allow Microsoft Outlook emails encrypted with S/MIME to be sent

Enforce Server and platform features

5


Table 2: New and changed Enforce Server and platform features


Age-based filtering of incidents Ability to filter incidents based on their age and last update date.Age-based filtering and incidents

Phased migration during upgrade The Data Loss Prevention upgrade completes in separate phasesand provides an overview of potential system and databaseissues. DLP Administrators use the overview to identify and fixissues before the system goes down.Phased migration during upgrade

Network detection uptime protection Ability for Network Monitor to detect and report incidents after theserver is restarted.Network Detection uptime protection

Support for Red Hat Enterprise Linux 8 Support for Red Hat Enterprise Linux 8 on the Enforce Server anddetection servers.Support for Red Hat Enterprise Linux 8

Support for Windows Server 2019 Support for Microsoft Windows Server 2019 on the Enforce Serverand detection servers.Support for Windows Server 2019

Ability to specify the usage type for User Groups Ability to specify the usage type (for policy management or basedon roles) when creating a User Group.Ability to specify usage type for User Groups

Support for Oracle 19c Enterprise and Standard Edition 2 You can deploy the Data Loss Prevention database on Oracle 19cfor Enterprise and Standard Edition 2.Support for Oracle 19c Enterprise and Standard Edition 2

Support for OpenJDK 8 Java Runtime Environment (JRE) You can deploy Data Loss Prevention with Java Open JDK 8.Support for OpenJDK 8 Java Runtime Environment (JRE)

Support for running the Oracle database in the VMwareenvironment

You can deploy the Data Loss Prevention database to a VMwareenvironment.

Email quarantine integration with Symantec Messaging Gateway You can use the Enforce Server administration console to requestrelease from Symantec Messaging Gateway (SMG) quarantine,and you can delete SMG quarantined messages, using two newSmart Response rules.Email quarantine integration with Symantec Messaging Gateway

Support for installing EMDI, EDM, and IDM remote indexers onLinux systems

You can install EMDI, EDM, and IDM Remote Indexers on Linuxsystems.Support for installing EMDI, EDM, and IDM remote indexers onLinux systems

End User Remediation: (incident management)

Table 3: End User Remediation


End User Remediation End User Remediation simplifies the management of DLPincidents by decentralizing the incident remediation process.End User Remediation

6


Discover features

Table 4: New and changed Discover features


Enhanced support for the web server scanner The Data Loss Prevention web server scanner can now scanweb applications and websites using TLS through version 1.3.The Web Server scanner can also retrieve content from variousdocument types including web documents, Word, Excel, and PDFfiles.Enhanced support for the web server scanner

Network Discover support for Microsoft SharePoint 2019 Network Discover now supports the detection and quarantineof sensitive files that are located in Microsoft SharePoint 2019repositories.Network Discover support for Microsoft SharePoint 2019

Removal of the Veritas Data Insight license file The Data Insight page in the Enforce Server administrationconsole is now accessible without a license file.Removal of the Veritas Data Insight license file

Rewritten Folder Risk Report page to remove Adobe Flashdependency

The Folder Risk Report page for Veritas Data Insight integrationhas been rewritten to remove a dependency on Adobe Flash,which Adobe no longer supports.Rewritten Folder Risk Report page to remove Adobe Flashdependency

Detection features

Table 5: New and changed Detection features


High-performance Office Open XML content extraction upgrade A high-performance Office Open XML content extraction upgradeis enabled by default in Data Loss Prevention 15.8.High-performance Office Open XML content extraction upgrade

DICOM file metadata detection Ability to detect metadata in an image saved in the Digital Imagingand Communications in Medicine (DICOM) format.DICOM file metadata detection

XMP metadata detection for a variety of formats Ability to detect XMP metadata for PDF, PNG, GIF, JPG, and TIFF.XMP metadata detection for a variety of formats

New and updated data identifiers in 15.8 Symantec Data Loss Prevention 15.8 includes 18 new dataidentifiers and 107 renamed data identifiers.New and updated data identifiers in 15.8

7


Cloud features

Table 6: New and changed Cloud features


Cloud email quarantine and release integration with EmailSecurity.cloud

On-premises quarantine and release capabilities of the integrationwith Symantec Mail Gateway is extended to the cloud using EmailSecurity.cloud.Cloud email quarantine and release integration with EmailSecurity.cloud

Language support in Data Loss Prevention

Table 7: Important Changes to Language Support


Important changes to language support As of DLP 15.7 MP1, Data Loss Prevention only supports thefollowing languages: English, Brazilian Portuguese, Spanish,French, and Japanese.Important changes to language support

8


New and changed features in Data Loss Prevention 15.8

Enhanced MIP and Data Loss Prevention integrationMicrosoft Information Protection provides classification and Digital Rights Management capabilities. MIP alsoencompasses what previously was referred to as Azure Information Protection (AIP). Support for MIP is integrated into theSymantec Data Loss Prevention 15.8 Enforce Server, and across all Data Loss Prevention channels.

Previously, AIP Insight for Data Loss Prevention versions 15.1 through 15.7 provided decryption of MIP-protecteddocuments and emails and their inspection by Network, Storage, and Cloud DLP control points. The AIP Insight solutionrequired the download and installation of a plugin. The new MIP integration does not require a plugin. Customers of theAIP Insight solution can migrate to the new MIP integration available in Data Loss Prevention 15.8.

Data Loss Prevention 15.8 adds MIP integration for DLP Endpoint. The capabilities for DLP Endpoint and MIP integrationinclude:

• Decrypting MIP-protected documents and emails. Other DLP control points in Network, Storage, and Cloud alreadysupport this feature.

• Suggesting MIP labels based on DLP policy.• Enforcing MIP labels based on DLP policy.The following sections provide details about the MIP integration features in Data Loss Prevention 15.8.

Manage MIP classification and decryption credential profiles in the EnforceServer administration console and the Cloud Management PortalYou can configure an MIP classification credential profile and one or more MIP decryption credential profiles on theSystem > Settings > MIP Credential Profiles screen of the Enforce Server administration console.

The Enforce Server uses the classification credentials to import the classification labels from the MIP portal. Afterclassification synchronization is completed, you can use the available labels and sub-labels to configure response actionsto recommend labels to endpoint users or automatically apply labels to supported file types. You can configure only oneMIP classification credential profile.

You can configure more than one MIP decryption credential profile. The decryption credentials that you configure musthave sufficient privileges to decrypt all documents and emails that flow through a specific control point.

• Network and Storage detection servers use the decryption credential to inspect files that are encrypted by MicrosoftInformation Protection.

• The Cloud detection service uses the decryption credential specified in the Cloud Management Portal.• The DLP Agent prompts the end user for decryption credentials on the Endpoint.

Import MIP tags in the Enforce Server administration consoleData Loss Prevention can connect to the MIP portal and pull down both the GLOBAL and SCOPED policy labels(including their SUB LABELS) into the Enforce Server administration console. Then, the DLP Policy Administrator canuse the Enforce Server administration console to select from the imported MIP labels to create policy detection rules.

This integration enables reading of MIP classification labels in documents and emails across Network, Storage,Cloud, and Endpoint.

9


Support for authoring an MIP classification-based Data Loss Prevention policycondition for the Endpoint, Network, Storage, and CloudPolicy authors can create a "Content Matches MIP Classification" policy that can detect specific MIP tags or labels indocuments and emails.

Enable MIP classification for Microsoft Office applications on endpointsAfter you configure an MIP classification credential profile on the Enforce Server, you can use the Classification tab inagent configurations to enable or disable classification for specific applications. Data Loss Prevention allows you to enableand disable MIP classification in the following applications:

• Microsoft Excel• Microsoft PowerPoint• Microsoft WordIf you enable classification for any of these applications, you can use the Endpoint: MIP Classification response actionto recommend labels or apply specific labels to documents that are associated with those applications.

DLP Agent inspection of files and emails that are encrypted by MIPThe Settings tab in agent configurations now includes the Microsoft Information Protection section, which provides theEnable Data Loss Prevention to inspect files that are encrypted by MIP option. Select this option to enable the DLPAgent to inspect files and emails that are encrypted by MIP.

Decryption of MIP protected files on the endpoints by the DLP agent requires the DLP agent to prompt the endpoint userfor authenticating with MIP. After the user has successfully authenticated, the endpoint agent can seamlessly inspectencrypted documents and emails for sensitive content and then allow or block based on DLP policy.

NOTEThe DLP Agent supports the inspection of MIP-encrypted emails on Windows endpoints only.

Until the time that the endpoint user authenticates with MIP there is the following setting which specifies if the agentshould block or allow the file transfer. In previous releases of DLP, the agent allowed MIP protected files to be transferred.The default setting for this release is to block file transfer and prompt the user to sign in.

In DLP Agent configurations, the PostProcessor.MIP_DEFAULT_ACTION.int advanced setting specifies whetheruser actions are blocked or allowed when users attempt to copy or transfer files that are encrypted by MicrosoftInformation Protection.

By default, the RMS encrypted document copy is blocked if the user is not already authenticated.

The default of the PostProcessor.MIP_DEFAULT_ACTION.int advanced setting is 1. This blocks encrypted filesfrom being copied or transferred. To allow users to copy and transfer files that are encrypted by MIP, set the value to 0.

DLP Agent support for using a network proxy to connect to the MIP portalThe DLP Agent must be able to connect to the Microsoft Information Protection portal on the Internet so that it canvalidate the labels that are are recommended or applied. In addition, users must occasionally authenticate to MIP withtheir Microsoft Azure AD credentials.

You can enable the DLP Agent to use a network proxy to connect to the MIP portal by configuring the Proxy section onthe Settings tab of the agent configuration.

10


For network proxies that require authentication, you must save the authentication credentials in the agent configurationbefore configuring your proxy settings. By default, agents are configured to either not use a network proxy, or to assumethat a transparent proxy exists.

NOTE

For information about making sure that your network proxy is configured correctly for Microsoft InformationProtection, refer to the Microsoft documentation.

https://docs.microsoft.com/en-us/information-protection/develop/faqs-known-issues#error-proxyautherror-exception.

https://docs.microsoft.com/en-us/azure/information-protection/requirements#firewalls-and-network-infrastructure

Enable Enforce Server and detection server support for using a network proxy toconnect to the MIP portalThe Enforce Server must be able to connect to the Microsoft Information Protection portal on the Internet so that it canfetch classification labels. In addition, detection servers must be able to connect to the MIP portal so that they can validatethe decryption credentials that are used to inspect files that are encrypted by MIP.

You can enable the Enforce Server and detection servers to use a network proxy to connect to the Microsoft InformationProtection portal by configuring the Enforce to Cloud Proxy Settings section on the System > General > Settings pageof the Enforce Server administration console.

For network proxies that require authentication, you must save the authentication credentials in the Enforce Serveradministration console before configuring your proxy settings. By default, detection servers are configured to either notuse a network proxy, or to assume that a transparent proxy exists.

For information about making sure that your network proxy is configured correctly, refer to the Microsoft documentation.

See https://docs.microsoft.com/en-us/information-protection/develop/faqs-known-issues#error-proxyautherror-exception.

Network and Storage support for inspecting files and emails that are encryptedby MIPNetwork and Storage control points support the inspection of files and emails that are encrypted by MIP and canread labels that were applied using MIP. Support is available for file shares, SharePoint, Exchange, and Web serverscanners. You must configure an MIP decryption credential profile in the the Enforce Server administration console.

For Cloud control points, you configure an MIP decryption credential profile in the Cloud Management Portal.

NOTENetwork Discover/Cloud Storage Discover does not support MIP classification of files. Network Discoversupports the MIP integration with File System, SharePoint, Exchange and Web server scanner.

Endpoint features in Data Loss Prevention 15.8In addition to the MIP integration capabilities for DLP Endpoint described elsewhere in the What's New guide, thefollowing new features for Endpoint are included in Data Loss Prevention 15.8.

LiveUpdate improvementsLiveUpdate now supports the deployment of agent hotfixes on macOS endpoints.

Symantec Data Loss Prevention 15.8 also introduces several new options that grant you more granular control over whichagents receive updates, and when.

11

https://docs.microsoft.com/en-us/information-protection/develop/faqs-known-issues#error-proxyautherror-exceptionhttps://docs.microsoft.com/en-us/information-protection/develop/faqs-known-issues#error-proxyautherror-exceptionhttps://docs.microsoft.com/en-us/azure/information-protection/requirements#firewalls-and-network-infrastructurehttps://docs.microsoft.com/en-us/information-protection/develop/faqs-known-issues#error-proxyautherror-exception


This enhancement enables you to choose whether agents receive a newly released update or not.

In the Enforce Server administration console, the new System > Agents > LiveUpdate screen allows you to creategroups of agents, called deployment groups. While adding agents to a deployment group, you can use several predefinedagent attributes to filter agents or create custom agent attributes.

After you create a deployment group, you can trigger an update for the agents that belong to that deploymentgroup. Deployment groups enable you to manage LiveUpdate for a large number of endpoints simultaneously. Usingdeployment groups, you can restrict updates to a specific group of endpoints, monitor the progress of agent updates for agroup of endpoints, and identify and troubleshoot update issues by generating reports.

After you initialize LiveUpdate, you can track the progress of the deployment and also generate a report that you can useto identify and troubleshoot deployment issues for individual agents.

In addition, you can navigate to System > Agents > Check for Updates to find out whether any new agent updates areavailable.

Support for Microsoft OneDrive within Microsoft Office ApplicationsWhen monitoring is enabled for cloud storage applications in the agent configuration, agents can monitor files that aresaved to Microsoft OneDrive from Microsoft Office applications.

Support for Box DriveWhen monitoring is enabled for cloud storage applications in the agent configuration, agents can monitor files that aresaved to mounted Box Drives.

Support for monitoring Microsoft Edge Chromium on Windows endpoints usingextensionsSymantec Data Loss Prevention now supports monitoring for Microsoft Edge Chromium on Windows endpoints usingthe Symantec extension. Monitoring support includes monitoring of HTTP and HTTPS traffic, clipboard activity, and fileoperations that are performed within the web browser.

To download the Symantec extension for monitoring Edge and Edge Chromium, visit the Microsoft Edge Add-ons store.You can also deploy the extension using a Group Policy Object.

Rearchitecture of Google Chrome monitoring for endpointsSymantec has rearchitected the Google Chrome monitoring solution for Windows and macOS endpoints to align withstandard extension-based approaches to monitoring.

In addition, the Enforce Server now reports when monitoring for Google Chrome has been disabled or tampered with.Endpoints on which the Google Chrome extension is not functional are now indicated to be in the Critical (red) state on theAgent Overview page of the Enforce Server administration console.

For Windows endpoints, you can use the ExtensionEnablement.INSTALL_BROWSER_EXTENSION.int agentadvanced setting to control whether the browser extension is installed automatically from the Chrome Web Store. Toconfigure Windows agents to install the extension automatically, enter a value of 1 (default value). If you want to deploythe extension on Windows endpoints using a Group Policy Object, enter a value of 0.

For macOS endpoints, after you enable monitoring for Google Chrome in the agent configuration, you can create an MDMconfiguration profile to deploy the extension on endpoints across your organization.

12

https://microsoftedge.microsoft.com/addons/detail/symantec-extension/lgliocaeggimgcpgbbejhdnbmajgaiiihttps://chrome.google.com/webstore/detail/symantec-extension/dehobbhellcfbmcaeppgfjhnldeimdph


Rearchitecture of Mozilla Firefox monitoring for macOS endpointsSymantec has rearchitected the Mozilla Firefox monitoring solutions for macOS endpoints, to align with standardextension-based approaches to monitoring.

In addition, the Enforce Server now reports when monitoring for Google Chrome and Mozilla Firefox has been disabled ortampered with on macOS endpoints. Endpoints on which the Google Chrome extension or the Mozilla Firefox extensionis not functional are now indicated to be in the Critical (red) state on the Agent Overview page of the Enforce Serveradministration console.

You can deploy the new browser extensions using MDM settings.

Rearchitecture of Microsoft Outlook monitoring for macOS endpointsThe Microsoft Outlook monitoring solution has been rearchitected for compatibility with the changes in macOS 11. Thenew on-send web add-in for Outlook on macOS endpoints enables the new DLP Agent to monitor emails and calendarevents that are created and sent using Microsoft Outlook and Outlook Web Access. You deploy the add-in using theMicrosoft 365 Admin Center.

NOTETo enable monitoring for Outlook Web Access in Mozilla Firefox on macOS endpoints, you must also deploy thenew Mozilla Firefox extension using MDM settings.

When you upgrade the DLP Agent for macOS to version 15.8, by default, Outlook monitoring is configured to use the add-in model.

If you prefer to monitor Outlook on macOS 10.14 and 10.15 endpoints using the application hooking method, set the valueof the Outlook.MONITOR_TECHNIQUE agent advanced setting to 0 (default). If you prefer to enable Outlook monitoringusing the on-send web add-in, set the value to 1.

Alternatively, you can configure separate agent groups for agents that use the add-in and for agents that use applicationhooking.

Filtering for multiple endpoints on the Agent List pageOn the Agent List page of the Enforce Server administration console, you can now filter and view information for multipleagents using search box of the Machine column.

You can enter full or partial endpoint names in the search box. Use commas to separate each search keyword.

Allow Microsoft Outlook emails encrypted with S/MIME to be sentYou can use the Email.IGNORE_SMIME.int advanced setting in agent configurations to make agents ignore S/MIME-encrypted emails without getting blocked on the endpoints. This allows an email to be encrypted by an upstreamencryption server before delivering it to its recipients.

By default, the Email.IGNORE_SMIME.int advanced setting has a value of 0. To ignore the S/MIME-encrypted emails,set the value to 1.

Enforce Server and platform features in Data Loss Prevention 15.8

Age-based filtering and incidentsAbility to filter incidents based on their age and last update date.

13


You can filter your incidents based on their age using the Older Than filter. The filter provides the option to search onincident age based on days, weeks, months, quarters, and years. This filter provides a way to delete incidents based ontheir age.

You can filter your incidents based on the last time they were updated using the Not Updated In filter. The filter allows youto display incidents that have not been updated in the specified number of days, weeks, months, quarters, and years.

Phased migration during upgradeYou can now upgrade Data Loss Prevention servers in two phases. Upgrading in two phases allows you to identify andresolve migration issues without shutting down services which can reduce system downtime.

Preparation

During the preparation period for upgrading, you can run the Update Readiness Tool (URT) to analyze data (in additionto analyzing the table structure which it did in previous versions). The process lists the potential issues with the databasethat you address before migrating to Symantec Data Loss Prevention 15.8.

The URT identifies data that is no longer compatible with the new schema. Analyzing data helps identify potentialproblems before the migration process is started. If you find problems with the database, you can fix them while keepingthe previous version Enforce Server up and running. In previous Data Loss Prevention versions, issues that were relatedto LOB data (for example, scan failures or deprecated features that are remaining in LOB data) caused the migration tofail. During this time, the Enforce Server was not up and running.

Phase 1

During phase 1 of the upgrade, the Migration Utility runs pre-checks and migrates the file system without shutting downthe previous version services. The previous version services continue to run during and after the execution of phase 1.

This phase includes running a report to confirm the status of the file system. The report lists the filesystem status andidentifies potential issues. The report lists saved customizations. Saved customizations includes certificates, keystores,plugins, FlexResponse scripts, and configuration file settings.

Data files, document profiles, property files, plugins, and keystores are moved to the 15.8 instance during this phase.

Phase 2

During the final phase of the upgrade, services on the previous system are shutdown, pre-checks are completed, then themigration moves incidents, indexes, and the database.

Network Detection uptime protectionData Loss Prevention 15.8 provides the ability for Network Monitor, Network Prevent for Web, and Network Prevent forEmail to continue monitoring and detecting sensitive information during and after upgrade to future Data Loss Preventionversions.

Support for Red Hat Enterprise Linux 8Added support for Red Hat Enterprise Linux 8 on the Enforce Server and detection servers.

Support for Windows Server 2019Added support for Microsoft Windows Server 2019 on the Enforce Server and detection servers.

14


Ability to specify usage type for User GroupsWhen you create a User Group, you select the usage type: either for policy management or for roles. Based on userpermissions provided, administrators can add and edit both types of user groups. This feature provides more control overuser access to managing policies and roles.

Support for Oracle 19c Enterprise and Standard Edition 2You can deploy the Data Loss Prevention database on the following Oracle 19c databases:

• Oracle 19c Enterprise Edition.Support is included for the the latest Database Release Updates (RUs).

NOTEOracle RU 19.6.0.0.0 is only supported on Linux servers.

You must obtain software and support from Oracle. For implementation details, see the Symantec Data LossPrevention Oracle 19c Implementation Guide at the Tech Docs Portal.

• Oracle 19c Standard Edition 2. Support is included for the following Database Release Updates (RUs):Support is included for the the latest Database Release Updates (RUs), available from Symantec.

NOTEOracle RU 19.6.0.0.0 is only supported on Linux servers.

You can obtain the software from Symantec. For implementation details, see the Symantec Data Loss PreventionOracle 19c Implementation Guide at the Tech Docs Portal.

NOTESymantec recommends that you run the Oracle 19c Standard Edition 2 database on a supported versionof Windows or Linux. Symantec Data Loss Prevention supports running the Oracle 19c Standard Edition2 database on platforms that Oracle supports. See the Symantec Data Loss Prevention Oracle 19cImplementation Guide at the Tech Docs Portal.

Support for OpenJDK 8 Java Runtime Environment (JRE)You can deploy Symantec Data Loss Prevention with the OpenJDK 8 Java Runtime Environment (JRE). This replacesthe Oracle JDK. Symantec no longer provides installers for the JRE. Use the JREMigrationUtility to point to the latestsupported OpenJDK JRE version.

See the Symantec Data Loss Prevention Installation Guide available at Related Documents. The guide provides steps toinstall the OpenJDK 8 JRE on new installations or migrate to the OpenJDK 8 JRE on upgraded instances.

Email quarantine integration with Symantec Messaging GatewayWhen a message is released or deleted from quarantine, it is released or deleted for all recipients.

Support for installing EMDI, EDM, and IDM remote indexers on Linux systemsThe Red Hat Enterprise Linux 7.5 through 7.7 operating systems are supported for use with EMDI, EDM, and IDM remoteindexers.

End User Remediation in Data Loss Prevention 15.8

End User Remediation for decentralized incident remediationEnd User Remediation simplifies the management of incidents by decentralizing the incident remediation process. Anyonein your organization can be delegated with the responsibility of remediating an incident. Engaging more users enablesmore incident remediation and assigning the correct users to remediate reduces the overhead of incorrect remediation

15

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/information-security/data-loss-prevention/15-8/Related-Documents.htmlhttps://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/information-security/data-loss-prevention/15-8/Related-Documents.htmlhttps://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/information-security/data-loss-prevention/15-8/Related-Documents.htmlhttps://techdocs.broadcom.com/us/en/symantec-security-software/information-security/data-loss-prevention/15-8/Related-Documents.html


when the remediation process is centralized. To use End User Remediation, there is no additional licensing requirementfor Data Loss Prevention. You will need to have a ServiceNow instance in your organization.

The DLP End User Remediation application needs to be deployed in your ServiceNow environment.

See About End User Remediation.

Discover features in Data Loss Prevention 15.8

Enhanced support for the web server scannerThe web server scanner is a general purpose tool which can be used to scan websites for sensitive information. Thescanner takes a best-effort approach to scan the website content and find sensitive information.

The web server scanner has been enhanced for DLP 15.8 with the following features:

• Now bundled with Discover Servers and Detection Servers, so there is no need to separately install the scanner. Thisreduces the time and effort to manage and execute the scans.

• Support for all DLP detection techniques including Sensitive Image Recognition (SIR).• Support has been extended for scanning websites using up to TLS v1.3, which is the latest version.• Enhanced management using the Enforce Server administration console, including starting/stopping the scan and

specifying the website to be scanned, which simplifies the management of scans from the Enforce Server.• Enhanced ability to support container file types (such as ZIP, Word, and others) that are handled in a special manner

by certain file repositories (such as Jive).

Network Discover support for Microsoft SharePoint 2019You can configure the Network Protect: Quarantine File automated response action to quarantine confidential files thatwere detected in SharePoint 2019 repositories, and use the Network Protect: Release from Quarantine smart responseaction to resolve SharePoint 2019-related incidents manually.

Removal of the Veritas Data Insight license fileThe Data Insight page in the Enforce Server administration console is now accessible to all Network Discover customerswithout a license file.

Symantec continues to support the interoperability between Veritas Data Insight and Symantec Data Loss Prevention.

Rewritten Folder Risk Report page to remove Adobe Flash dependencyThe Folder Risk Report page for Veritas Data Insight integration has been rewritten to remove a dependency on AdobeFlash, which Adobe no longer supports. In Data Loss Prevention 15.7, the page was declared as deprecated. However,because the page has been rewritten, the page is no longer considered to be deprecated.

Detection features in Data Loss Prevention 15.8

High-performance Office Open XML content extraction upgradeA high-performance Open Office XML content extraction upgrade is enabled by default in Data Loss Prevention 15.8 forthe Enforce Server indexer, the Remote IDM Indexer, all detection servers, and all 15.8 agents. The OOXML contentextractor is also enabled for the cloud detectors bound to 15.8 Enforce Servers, by default.

Once the Enforce Server and detection servers have been upgraded, IDM profiles must be reindexed.

16

https://store.servicenow.com/sn_appstore_store.do#!/store/application/ed40d76bdb84db00731c9972ca9619dc/1.0.1?referer=%252Fstore%252Fsearch%253Flistingtype%253Dallintegrations%25253Bancillary_app%25253Bcertified_apps%25253Bcontent%25253Bindustry_solution%25253Boem%25253Butility%2526q%253DSymantec%2520End%2520User&sl=shhttps://techdocs.broadcom.com/us/en/symantec-security-software/information-security/data-loss-prevention/15-8/about-incident-remediation-vont_0025-d336e8/Overview-of-End-User-Remediation/About-End-User-Remediation.html


See the Symantec Data Loss Prevention Release Notes, Version 15.8 for more information.

DICOM file metadata detectionA DICOM file is an image saved in the Digital Imaging and Communications in Medicine (DICOM) format. These filescontain an image from a medical scan, such as an ultrasound or MRI. DICOM files may also include identification data(stored in the metadata area of the DICOM file) for patients so that the image is linked to a specific individual.

DICOM metadata detection in Symantec Data Loss Prevention can enable Big Data analysis, enable large healthcareusers to extent their ability to meet compliance requirements, and enable them to use their existing Data Loss Preventionpolicies and detection technologies (such as regex, keyword, EDM) across all Data Loss Prevention endpoint, network,and cloud channels.

XMP metadata detection for a variety of formatsXMP is an industry standard xml based metadata format for files. Many technology vendors put their own proprietary fileinformation in the XMP section of a file’s metadata area. For example, Microsoft puts MIP-related classification labels forPDF-based files in the XMP metadata area.

This feature extends detection to potentially sensitive data stored in the XMP format and located in the metadata area ofPDF, PNG, GIF, JPG, and TIFF files. You can use traditional Symantec Data Loss Prevention detection technologies suchas regex, keyword, and EDM for all channels including Endpoint, Network, and Cloud.

New and updated data identifiers in 15.8Symantec Data Loss Prevention 15.8 includes the following new data identifiers:

• Cyprus Passport Number• Ireland Driver Licence Number• Japan Bank Account Number• Japan Credit and Debit Card Number• Malta Driving Licence Number• Mexico Driver License Number• New Brunswick Driver's Licence Number• New Zealand Tax Identification Number• Philippines Passport Number• Prince Edward Island Driver's License Number• Romania Passport Number• Saskatchewan Driver's Licence Number• Singapore Driving Licence Number• Singapore Passport Number• Singapore Phone Number• Singapore Unique Entity Number (UEN)• UK Unique Taxpayer Reference Number (UTR)• US Driver License Number - LA State

The following data identifiers have been renamed in Symantec Data Loss Prevention 15.8:

Old data identifier name New data identifier name

Australia Driver's License Number Australia Driver Licence NumberAustralian Business Number Australia Business Number (ABN)Australian Company Number Australia Company Number (ACN)

17

https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/information-security/data-loss-prevention/generated-pdfs/Symantec_DLP_15.8_Release_Notes.pdf



Australian Medicare Number Australia Medicare NumberAustralian Passport Number Australia Passport NumberAustralian Tax File Number Australia Tax File Number (TFN)Austrian Social Security Number Austria Social Security NumberBelgian National Number Belgium National Identity NumberBelgium Driver's Licence Number Belgium Driver Licence NumberBosniaHerzegovina Unique Master Citizen Number Bosnia-Herzegovina Unique Master Citizen NumberBrazilian Election Identification Number Brazil Election Identification NumberBrazilian National Registry of Legal Entities Number Brazil National Registry of Legal Entities Number (CNPJ)Brazilian Natural Person Registry Number Brazil Natural Person Registry Number (CPF)Bulgarian Uniform Civil Number - EGN Bulgaria Uniform Civil Number (EGN)Burgerservicenummer Netherlands Burgerservicenummer (Citizen Service Number)Canada Driver's License Number Canada Driver Licence NumberCanadian Social Insurance Number Canada Social Insurance Number (SIN)Chilean National Identification Number Chile National Identification Number (RUN)China Passport Number People's Republic of China Passport NumberCodice Fiscale Italy Codice Fiscale (Fiscal Code)Colombian Addresses Colombia AddressColombian Cell Phone Number Colombia Cell Phone NumberColombian Personal Identification Number Colombia Personal Identification NumberColombian Tax Identification Number Colombia Tax Identification NumberCroatia National Identification Number Croatia Personal Identification NumberCUSIP Number CUSIP (Uniform Securities Identification Procedures) NumberCzech Republic Driver's Licence Number Czech Republic Driver Licence NumberDriver License Number - VT State US Driver License Number - VT StateDriver License Number MD State US Driver License Number - MD StateDriver License Number- CT State US Driver License Number - CT StateDriver License Number- Guam US Driver License Number - GuamDriver License Number- IN State US Driver License Number - IN StateDriver License Number- KS State US Driver License Number - KS StateDriver License Number- KY State US Driver License Number - KY StateDriver License Number- MA State US Driver License Number - MA StateDriver License Number- MI State US Driver License Number - MI StateDriver License Number- MN State US Driver License Number - MN StateDriver License Number- MO State US Driver License Number - MO StateDriver License Number- MS State US Driver License Number - MS StateDriver License Number- MT State US Driver License Number - MT StateDriver License Number- ND State US Driver License Number - ND StateDriver License Number- NE State US Driver License Number - NE StateDriver License Number- NH State US Driver License Number - NH State

18



Driver License Number- OH State US Driver License Number - OH StateDriver License Number- RI State US Driver License Number - RI StateDriver License Number- VA State US Driver License Number - VA StateDriver License Number- WV State US Driver License Number - WV StateDriver's License Number- AR State US Driver License Number - AR StateDriver's License Number- AZ State US Driver License Number - AZ StateDriver's License Number- CA State US Driver License Number - CA StateDriver's License Number- DC State US Driver License Number - DC StateDriver's License Number- FL State US Driver License Number - FL StateDriver's License Number- HI State US Driver License Number - HI StateDriver's License Number- IA State US Driver License Number - IA StateDriver's License Number- ID State US Driver License Number - ID StateDriver's License Number- IL State US Driver License Number - IL StateDriver's License Number- NJ State US Driver License Number - NJ StateDriver's License Number- NY State US Driver License Number - NY StateDriver's License Number- OK State US Driver License Number - OK StateDriver's License Number- OR State US Driver License Number - OR StateDriver's License Number- US Virgin Islands US Driver License Number - US Virgin IslandsDriver's License Number- WA State US Driver License Number - WA StateDriver's License Number- WI State US Driver License Number - WI StateEstonia Driver's Licence Number Estonia Driving Licence NumberEstonia Personal Identification Number Estonia Personal Identification CodeFinland Driver's Licence Number Finland Driving Licence NumberFinnish Personal Identification Number Finland Personal Identitification NumberFrance Driver's Licence Number France Driver Licence NumberFrench INSEE code France INSEE codeFrench Passport Number France Passport NumberFrench Social Security Number France Social Security NumberGerman Passport Number Germany Passport NumberGerman Personal ID Number Germany Personal ID NumberGermany Driver's Licence Number Germany Driver Licence NumberGreek Tax Identification Number Greece Tax Identification NumberHong Kong ID Hong Kong Identity Card (HKID) NumberHungarian Social Security Number Hungary Social Security NumberHungarian Tax Identification Number Hungary Tax Identification NumberHungarian VAT Number Hungary VAT NumberHungary Driver's Licence Number Hungary Driver Licence NumberIndian Aadhaar Card Number India Aadhaar Card Number (National Idenitification Number)Indian Permanent Account Number India Permanent Account Number (PAN)Indonesian Identity Card Number Indonesia Identity Card Number

19



International Mobile Equipment Identity Number International Mobile Equipment Identity Number (IMEI)Irish Personal Public Service Number Ireland Personal Public Service NumberItaly Driver's Licence Number Italy Driver Licence NumberJapan Driver's License Number Japan Driver License NumberJapanese Juki-Net Id Number Japan Juki-Net Identification NumberJapanese My Number - Corporate Japan My Number - CorporateJapanese My Number - Personal Japan My Number - PersonalKorea Residence Registration Number for Korean Korea Residence Registration Number for KoreansLatvia Driver's Licence Number Latvia Driver Licence NumberMalaysian MyKad Number (MyKad) Malaysia MyKad Number (National Identification Number)Mexican Personal Registration and Identification Number Mexico Personal Registration and Identification NumberMexican Tax Identification Number Mexico Tax Identification NumberMexican Unique Population Registry Code Mexico Unique Population Registry Code (CURP)Mexico CLABE Number Mexico CLABE Number (Standardized Banking Code)Netherlands Driver's Licence Number Netherlands Driver Licence NumberNew Zealand Driver's License Number New Zealand Driver License NumberNorway Driver's Licence Number Norway Driver Licence NumberNorwegian Birth Number Norway Birth NumberPeople's Republic of China ID People's Republic of China Resident Identity Card NumberPoland Driver's Licence Number Poland Driver Licence NumberPolish Identification Number Poland Identification NumberPolish REGON Number Poland REGON NumberPolish Social Security Number (PESEL) Poland Social Security Number (PESEL)Polish Tax Identification Number Poland Tax Identification NumberPortugal Driver's Licence Number Portugal Driver Licence NumberRandomized US Social Security Number (SSN) US Randomized Social Security Number (SSN)Romania Driver's Licence Number Romania Driver Licence NumberRomanian Numerical Personal Code Romania Numerical Personal CodeRussian Passport Identification Number Russia Passport Identification NumberRussian Taxpayer Identification Number Russia Taxpayer Identification NumberSingapore NRIC Singapore National Registration Identity Card (NRIC)Slovakia Driver's Licence Number Slovakia Driver Licence NumberSouth African Personal Identification Number South Africa Personal Identification NumberSpain Driver's Licence Number Spain Driver Licence NumberSpanish Customer Account Number Spain Customer Account NumberSpanish DNI ID Spain DNI IDSpanish Passport Number Spain Passport NumberSpanish Social Security Number Spain Social Security NumberSpanish Tax ID (CIF) Spain Tax Identification Number (CIF)Sweden Driver's Licence Number Sweden Driver Licence Number

20



Swedish Passport Number Sweden Passport NumberSwiss AHV number Switzerland AHV numberSwiss Social Security Number (AHV) Switzerland Social Security Number (AHV)Turkish Identification Number Turkey Identification NumberUK Driver's Licence Number UK Driving Licence NumberUK Tax ID Number UK Tax Identification NumberUkraine Identity Card Ukraine Individual Identification NumberUkraine Passport (Domestic) Ukraine Passport (Domestic) NumberUkraine Passport (International) Ukraine Passport (International) NumberUS Zip+4 Postal Codes US Zip+4 Postal CodeVenezuela Driving License Number Venezuela Driver License NumberVenezuela National ID Number Venezuela National Identification Number

The following data identifiers have been updated in 15.8:

Data identifier Details of change

Canada Driver's License Number Updated the keyword list.Canada Government Identification Card Number Updated the keyword list.Canada Social Insurance Number • Removed the Luhn Check validator from the wide breadth

• Added the Exclude Beginning Characters validator to thewide breadth.

• Added the Duplicate Digits validator to the wide and narrowbreadths.

Chile National Identification Number • Updated the keyword list.• Added the Exclude Beginning Characters validator to the

narrow breadth.

Colombia Cell Phone Number Added the Require Beginning Characters validator to the widebreadth.

Colombia Personal Identification Number Added the Exclude Beginning Characters, Exclude Prefix, andExclude Suffix validators to the wide breadth.

Colombia Tax Identification Number Added the Require Beginning Characters and Exclude Prefixvalidators to the wide breadth.

Czech Republic Personal Identification Number Added the Exclude Beginning Characters validator to the wideand narrow breadths.

Denmark Personal Identification Number Changed the Data Normalizer to Digits.European Health Insurance Card Number Removed the Exclude Ending Characters validator from the

wide and narrow breadths.Finland Driver's License Number Updated the pattern list.Germany Tax Identification Number Updated the pattern list.Ireland Personal Public Service Number Updated the pattern list.Israel Identification Number Removed the Number Delimiter validator from the medium

breadth.Italian Passport Number Updated the pattern list.

21


Data identifier Details of change

Japan Passport Number Updated the pattern listKorea Passport Number Updated the pattern list.Latvia Value Added Tax (VAT) Number Removed the Lithuania Value Added Tax (VAT) Number

Validation Check validator from the wide and narrow breadths.Luxembourg Passport Number Updated the pattern list.Russia Military Identity Number • Updated the pattern list.

• Updated the keyword list.Singapore National Registration Identity Card (NRIC) • Removed the Singapore NRIC validator from the wide

breadth.• Updated the pattern list in the wide breadth.• Added the Number Delimiter validator in the wide breadth.• Added a medium breadth and a narrow breadth.

SEPA Creditor Identifier Number North Updated the pattern list.SEPA Creditor Identifier Number West Updated the pattern list.SEPA Creditor Identifier Number South Updated the pattern list.Spain Driver Licence Number Removed theFind keywords validator from the wide breadth.SWIFT Code Deleted the Find keywords validator from the wide breadth.US Driver License Number - AR State Changed the Category to North America Personal Identity.UK Passport Number • Removed the Find keywords validator from the medium

breadth.• Removed the duplicateFind keywords validator from the

narrow breadth.

US Driver License Number - DC State Changed the Category to North America Personal Identity.US Driver License Number - FL State Updated the pattern list.US Driver License Number - IA State Updated the pattern list.US Driver License Number - ID State Updated the pattern list.US Driver License Number - MD State Changed the Category to North America Personal Identity.US Driver License Number - MI State Updated the pattern list.US Driver License Number - MN State Updated the pattern list.US Driver License Number - MS State Changed the Category to North America Personal Identity.US Driver License Number - NY State Updated the keyword list.US Driver License Number - OK State Changed the Category to North America Personal Identity.US Driver License Number - VA State Changed the Category to North America Personal Identity.Venezuela Driving License Number Changed the Data Normalizer to Digits and Letters.

Cloud features in Data Loss Prevention 15.8

Cloud email quarantine and release integration with Email Security.cloudQuarantine and release functionality that is currently available in Data Loss Prevention for on-premises emails throughintegration with Symantec Mail Gateway (SMG) is now extended to the cloud using Email Security.cloud.

22


With this integration, you can quarantine emails with sensitive information using the Enforce Server administrationconsole. You can use Smart Response rules to review and remediate the emails and then release or delete the emailsfrom quarantine.

Language support in Data Loss Prevention 15.8

Important changes to language support in Data Loss Prevention 15.8The Enforce Server management console was previously provided in multiple languages, including:

• English• Brazilian Portuguese• Spanish• French• Japanese• German• Italian• Chinese (Traditional and Simplified)• Korean• RussianBeginning with Data Loss Prevention 15.7 MP1 and continuing through DLP 15.8 and subsequent releases, only thefollowing languages are supported for the Enforce Server user interface and product documentation (online help andPDFs):

• English• Brazilian Portuguese• Spanish• French• JapaneseSupport for other languages is deprecated. While language packs will be available for all languages for Data LossPrevention 15.8 and subsequent releases, new text on existing pages or on new pages in the Enforce Serveradministration console will not be translated, and will appear in English, for these language packs:

• German• Italian• Chinese (Traditional and Simplified)• Korean• RussianFor those languages that are supported version 15.8, as listed previously, all new text will be translated.

Longer term, Symantec may discontinue providing language packs for the deprecated languages.

NOTEProduct documentation, including online help and PDFs, was not translated for Data Loss Prevention 15.7.x.There will be translations for product documentation in subsequent releases, for the listed supported languages.

Symantec continually assesses customer requirements, so if your organization desires support for one of the deprecatedlanguages, contact the Data Loss Prevention product team through Support or your account team. Symantec will consideryour request and reevaluate the list of deprecated languages.

23


The deprecation of support for Enforce Server administration console languages does not affect other areas of DataLoss Prevention language support. You will continue to have the ability to detect sensitive data in all languages that arecurrently supported. You will also continue to be able to display the Endpoint notification pop-up dialog in all supportedlanguages.

Removed and deprecated platforms and features

Information Centric Encryption (ICE)

Support for ICE is removed.

Removed platform support for Endpoint

Table 8: Removed platforms for Endpoint

Platform Notes

macOS 10.12 and 10.13

Removed Data Loss Prevention Platform support

Table 9: Removed DLP Platform support in Data Loss Prevention 15.8

Platform/feature Notes

Oracle 11.2 databases Oracle Database 19c is supported for use with SymantecData Loss Prevention. Symantec strongly recommends thatyou migrate your Symantec Data Loss Prevention databaseto Oracle Database 19c as soon as possible.

Oracle 12.2.0.1 databases Oracle Database 19c is supported for use with SymantecData Loss Prevention. Symantec strongly recommends thatyou migrate your Symantec Data Loss Prevention databaseto Oracle Database 19c as soon as possible.

Amazon RDS for Oracle 12.2.0.1

Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 6 is no longer supported startingwith Data Loss Prevention 15.8.

Red Hat Enterprise Linux 7.3 and 7.4 Red Hat Enterprise Linux 7.3 and 7.4 is no longer supportedstarting with Data Loss Prevention 15.8.

Windows Server 2008 R2 64-bit

Removed platforms and features for Network Discover

Table 10: Removed platforms and features in Data Loss Prevention 15.8 for Network Discover


Installation of scanners on 32-bit operating systemsMicrosoft Outlook Personal folders (.pst files) that were created withOutlook 2010Network shares that reside on Microsoft Windows Server 2008 R2 SP1

24



IBM Lotus Notes 8.5.xMicrosoft SharePoint 2010 SP2Microsoft Exchange Server 2010 SP3Microsoft Exchange Server 2013 The latest service pack is supported.

Documentum Content Server All versions.

OpenText (LiveLink) Server All versions.

File system scanners running on Solaris SPARC 10 Enforce Server 15.8 provides backward compatibilitywith the Solaris SPARC 10 scanner that was providedwith Data Loss Prevention 15.7. You can continue usingexisting Solaris SPARC 10 scanners that were provided withversion 15.7

File system scanners running on Windows Server 2008 R2Oracle 11g (11.2.x) database targetsSQL Server 2014 and 2016 SQL database targets Only the latest service packs are supported: SQL

Server 2014 SP3 and SQL Server 2016 SP2.Red Hat Enterprise Linux 6.x file system scanner targetSMB 1.0 on Windows Server 2012 R2 and Windows Server 2016 for filesystem targets

Removed support for languages

The following language packs are no longer supported for the Enforce Server administration console user interface:

• Chinese (Simplified)• Chinese (Traditional)• German• Italian• Korean• Russian

25


Copyright statement

Broadcom, the pulse logo, Connecting everything, and Symantec are among the trademarks of Broadcom.

Copyright ©2021 Broadcom. All Rights Reserved.

The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. For more information, please visitwww.broadcom.com.

Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability,function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom doesnot assume any liability arising out of the application or use of this information, nor the application or use of any product orcircuit described herein, neither does it convey any license under its patent rights nor the rights of others.

26

http://www.broadcom.com

What's New and Changed in Symantec Data Loss Prevention 15.8 Table of ContentsIntroducing Symantec Data Loss Prevention 15.8About What's New in DLP 15.8Summary of new and changed featuresEnhanced MIP and Data Loss Prevention integrationEndpoint featuresEnforce Server and platform featuresEnd User Remediation: (incident management)Discover featuresDetection featuresCloud featuresLanguage support in Data Loss Prevention

New and changed features in Data Loss Prevention 15.8Enhanced MIP and Data Loss Prevention integrationManage MIP classification and decryption credential profiles in the Enforce Server administration console and the Cloud Management PortalImport MIP tags in the Enforce Server administration consoleSupport for authoring an MIP classification-based Data Loss Prevention policy condition for the Endpoint, Network, Storage, and CloudEnable MIP classification for Microsoft Office applications on endpointsDLP Agent inspection of files and emails that are encrypted by MIPDLP Agent support for using a network proxy to connect to the MIP portalEnable Enforce Server and detection server support for using a network proxy to connect to the MIP portalNetwork and Storage support for inspecting files and emails that are encrypted by MIP

Endpoint features in Data Loss Prevention 15.8LiveUpdate improvementsSupport for Microsoft OneDrive within Microsoft Office ApplicationsSupport for Box DriveSupport for monitoring Microsoft Edge Chromium on Windows endpoints using extensionsRearchitecture of Google Chrome monitoring for endpointsRearchitecture of Mozilla Firefox monitoring for macOS endpointsRearchitecture of Microsoft Outlook monitoring for macOS endpointsFiltering for multiple endpoints on the Agent List pageAllow Microsoft Outlook emails encrypted with S/MIME to be sent

Enforce Server and platform features in Data Loss Prevention 15.8Age-based filtering and incidentsPhased migration during upgradeNetwork Detection uptime protection

Support for Red Hat Enterprise Linux 8Support for Windows Server 2019Ability to specify usage type for User GroupsSupport for Oracle 19c Enterprise and Standard Edition 2Support for OpenJDK 8 Java Runtime Environment (JRE)Email quarantine integration with Symantec Messaging GatewaySupport for installing EMDI, EDM, and IDM remote indexers on Linux systems

End User Remediation in Data Loss Prevention 15.8End User Remediation for decentralized incident remediation

Discover features in Data Loss Prevention 15.8Enhanced support for the web server scannerNetwork Discover support for Microsoft SharePoint 2019Removal of the Veritas Data Insight license fileRewritten Folder Risk Report page to remove Adobe Flash dependency

Detection features in Data Loss Prevention 15.8High-performance Office Open XML content extraction upgradeDICOM file metadata detectionXMP metadata detection for a variety of formatsNew and updated data identifiers in 15.8

Cloud features in Data Loss Prevention 15.8Cloud email quarantine and release integration with Email Security.cloud

Language support in Data Loss Prevention 15.8Important changes to language support in Data Loss Prevention 15.8

Removed and deprecated platforms and features

Copyright statement