Data Loss Prevention

 View Only

  • 1.  Network Discover Scan Freezes

    Posted Aug 17, 2017 09:03 AM

    At least that's what appears to happen. Enforce reports the scan is in progress, running on the specified server, but the bytes scanned count stops incrementing. The last scan I started was a simple one. Search for a set of specific files on our USERS share using credentials created for this type of activity. I started it on the 16th at 3:23pm, by 3:25pm it had scanned slightly over 10GB, then nothing. No error, no warning. I let it run overnight. Checked it this morning, nothing had changed. Bytes scanned count still the same. Enforce reporting it was scanning on the specified server. I'm brand new to DLP, so to me, this is weird.

    Any suggestions? 



  • 2.  RE: Network Discover Scan Freezes
    Best Answer

    Posted Aug 18, 2017 10:18 AM

    Check the ScanDetail log on the Discover server that ran the task for clues. Look in \SymantecDLP\Protect\logs for ScanDetail-DiscoverTaskName0.log. The log file name with the zero in it will be the log file that is being created as the scan runs, or, it will be the last log file created from a scan. 



  • 3.  RE: Network Discover Scan Freezes

    Posted Aug 25, 2017 02:05 PM

    Here's the last few entries in log file SRHS-Share-USERS-Hacking-Tools0.log. I'm not seeing any clue. It looks like its running fine, then, nothing and it sat like that for 4 days. I finally stopped the scan.

    "Aug 18, 2017 11:31:03 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/Black/Black.dll","552960","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:03 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/Blue/Blue.ESkin","12066","Include Path Filter","","",""
    "Aug 18, 2017 11:31:03 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/Blue/Blue.dll","544768","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/Caramel/Caramel.ESkin","12062","Include Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/Caramel/Caramel.dll","401408","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/High Contrast Black/High Contrast Black 17x17.png","345","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/High Contrast Black/High Contrast Black 41x41.png","367","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/High Contrast Black/High Contrast Black.ESkin","12162","Include Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/High Contrast Black/High Contrast Black.dll","331776","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/High Contrast White/High Contrast White 17x17.png","409","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/High Contrast White/High Contrast White 41x41.png","375","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/High Contrast White/High Contrast White.ESkin","12199","Include Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/High Contrast White/High Contrast White.dll","319488","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/Holiday/Holiday 17x17.png","951","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/Holiday/Holiday 41x41.png","3902","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/Holiday/Holiday.ESkin","12066","Include Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/Holiday/Holiday.dll","774144","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/McTheme/McTheme 17x17.png","766","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/McTheme/McTheme 41x41.png","1710","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/McTheme/McTheme.ESkin","12051","Include Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/McTheme/McTheme.dll","421888","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/Money Twins/Money Twins.ESkin","12204","Include Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/Money Twins/Money Twins.dll","606208","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/fi-Theme/fi-Theme 17x17.PNG","463","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/fi-Theme/fi-Theme 41x41.PNG","910","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/fi-Theme/fi-Theme.ESkin","12192","Include Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/fi-Theme/fi-Theme.dll","401408","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/iMaginary/iMaginary.ESkin","12054","Include Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/Themes/iMaginary/iMaginary.dll","409600","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/_setup.dll","368772","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/autorun.inf","25","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/data1.cab","2178877","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/data1.hdr","915373","Include Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/data2.cab","135786954","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/layout.bin","493","Size Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/setup.exe","459432","Size Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/setup.ini","656","Exclude Path Filter","","",""
    "Aug 18, 2017 11:31:04 AM","INFO","SHRS Share: USERS - Hacking Tools 08/18/17 - 11:20 AM","FILTERED_ITEM","//srhsstore/users/B27757/Desktop/KofaxExpress-3.1.0/setup.isn","256664","Include Path Filter","","",""
    "Aug 22, 2017 1:59:28 PM","INFO","","ABORTED_SCAN"," ","0","","","",""

     



  • 4.  RE: Network Discover Scan Freezes

    Posted Sep 01, 2017 11:28 AM

    Opened a case with Support. Let's see if they can figure it out.



  • 5.  RE: Network Discover Scan Freezes

    Trusted Advisor
    Posted Sep 05, 2017 08:08 PM

    Djacobs,

    I would make sure you have the Exclude Filters in place for the files. This will make the scans run fatser and eliminate scanning certain files (exe, etc).

    Search the online help for "Exclude" or "Exclusion" and you will see a built in list.

    You can also configure the file size limitation.

    Also there might be a large ZIP file that is causing it to Abort. Zip files will be exploded and then inspected so this can cause some issues if it runs our of memory or drive space.

    I woudl look at the last directory and see what else is in there (Size etc)

    Good Luck

    Ronak

    Please marked solved if possible.