Symantec DLP 14.6 System Requirements Guide

Symantec Data Loss
Prevention System
Requirements and
Compatibility Guide
Version 14.6
Last updated: 02 December 2016

Symantec Data Loss Prevention System
Requirements and Compatibility Guide
Documentation version: 14.6
Last updated: 02 December 2016
Legal Notice
Copyright 2016 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo and the Checkmark Logo are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other
names may be trademarks of their respective owners.
This Symantec product may contain third party software for which Symantec is required to
provide attribution to the third party (Third Party Programs). Some of the Third Party Programs
are available under open source or free software licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under those
open source or free software licenses. Please see the Third Party Legal Notice Appendix to
this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED

CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL
NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION
WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE
INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE
WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq.
"Commercial Computer Software and Commercial Computer Software Documentation," as
applicable, and any successor regulations, whether delivered by Symantec as on premises
or hosted services. Any use, modification, reproduction release, performance, display or
disclosure of the Licensed Software and Documentation by the U.S. Government shall be
solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Contents
Chapter 1 About this guide .................................................................... 6

About updates to Symantec Data Loss Prevention system
requirements ........................................................................... 6
Chapter 2 System requirements and recommendations ................ 7

Deployment planning considerations .................................................. 7
The effect of scale on system requirements ................................... 8
Minimum system requirements for Symantec Data Loss Prevention
servers .................................................................................. 9
Small organization minimum hardware requirements ..................... 10
Small/medium enterprise minimum hardware requirements ............. 10
Large/very large enterprise minimum hardware
requirements ................................................................... 12
Operating system requirements for servers .................................. 14
Endpoint computer requirements for the Symantec DLP Agent .............. 18
Operating system requirements for endpoint systems .................... 18
Memory and disk space requirements for the Symantec DLP
Agent ............................................................................. 19
Symantec Data Loss Prevention for Mobile requirements ..................... 20
Supported languages for detection ................................................... 21
Available language packs ............................................................... 23
Oracle database requirements ........................................................ 24
Browser requirements for accessing the Enforce Server administration
console ................................................................................ 26
Requirements for using certificate authentication for single
sign-on ................................................................................. 26
Virtual server support .................................................................... 27
Virtual desktop and virtual application support with Endpoint
Prevent ................................................................................ 28
Third-party software requirements and recommendations ..................... 31
Contents 5
Chapter 3 Product compatibility ......................................................... 35

Environment compatibility and requirements for Network Prevent for
Email ................................................................................... 35
Proxy server compatibility with Network Prevent for Web ...................... 36
SSL monitoring ........................................................................... 38
Secure ICAP support for Network Prevent for Web using the stunnel
service ................................................................................. 38
High-speed packet capture cards .................................................... 39
Data Insight compatibility with Symantec Data Loss Prevention version
14.6 ..................................................................................... 39
Enterprise Vault compatibility with Symantec Data Loss Prevention
14.6 ..................................................................................... 40
Veritas Cluster Server compatibility .................................................. 41
Integrations with other Symantec products ......................................... 41
Network Discover/Cloud Storage Discover compatibility ....................... 43
Supported Box cloud storage targets .......................................... 43
Supported file system targets .................................................... 43
Supported IBM (Lotus) Notes targets .......................................... 44
Supported SQL database targets ............................................... 45
Supported SharePoint server targets .......................................... 45
Supported Exchange Server targets ........................................... 45
Supported file system scanner targets ........................................ 46
Supported Documentum (scanner) targets ................................... 47
Supported OpenText (Livelink) scanner targets ............................. 47
Supported web server (scanner) targets ...................................... 47
About Endpoint Data Loss Prevention compatibility ............................. 47
Endpoint Data Loss Prevention supported operating
systems .......................................................................... 47
Endpoint Prevent supported applications ..................................... 50
Mobile Prevent compatibility ........................................................... 58
Mobile Email Monitor compatibility ................................................... 61
Chapter 1
About this guide
This chapter includes the following topics:
About updates to Symantec Data Loss Prevention system requirements
About updates to Symantec Data Loss Prevention

system requirements
System requirements as described in this guide are occasionally updated as new
information becomes available. You can find the latest version of the Symantec
Data Loss Prevention System Requirements and Compatibility Guide at the following
link to the Symantec Support Center article.
http://www.symantec.com/docs/DOC9256
Be sure to subscribe to the article at the Support Center to be notified when there
are updates.
Chapter 2
System requirements and
recommendations
Deployment planning considerations
Minimum system requirements for Symantec Data Loss Prevention servers
Endpoint computer requirements for the Symantec DLP Agent
Symantec Data Loss Prevention for Mobile requirements
Supported languages for detection
Available language packs
Oracle database requirements
Browser requirements for accessing the Enforce Server administration console
Requirements for using certificate authentication for single sign-on
Virtual server support
Virtual desktop and virtual application support with Endpoint Prevent
Third-party software requirements and recommendations

Installation planning and system requirements for Symantec Data Loss Prevention
depend on:
The type and amount of information you want to protect
System requirements and recommendations 8
The amount of network traffic you want to monitor

The size of your organization
The type of Symantec Data Loss Prevention detection servers you choose to
install
These factors affect both:
The type of installation tier you choose to deploy (three-tier, two-tier, or single-tier)
The system requirements for your Symantec Data Loss Prevention installation
See The effect of scale on system requirements on page 8.
The effect of scale on system requirements

Some system requirements vary depending on the size of the Symantec Data Loss
Prevention software deployment. Determine the size of your organization and the
corresponding Symantec Data Loss Prevention deployment using the information
in this section.
The key considerations in determining the deployment size are as follows:
Number of employees to be monitored
Amount of network traffic to monitor
Size of Exact Data Match profile (EDM) or Indexed Data Match profile (IDM)
Size of your Form Recognition profile
The following table outlines three sample deployments based on enterprise size.
Review these sample deployments to understand which best matches your
organizations environment.
Table 2-1 Types of enterprise deployments
Variable Small Organization Small/Medium Large/Very Large

Enterprise Enterprise
Number of employees < 1000 < 10,000 > 10,000
Volume of network traffic to monitor 30-40 Mbps 30-40 Mbps > 40 Mbps
Table 2-1 Types of enterprise deployments (continued)
Variable Small Organization Small/Medium Large/Very Large

Enterprise Enterprise
EDM/IDM size EDM 4 million cells or See the Symantec Data See the Symantec Data
IDM 250 MB (1400 Loss Prevention Loss Prevention
files). See the Symantec Administration Guide for Administration Guide for
Data Loss Prevention information about EDM information about EDM
Administration Guide for and IDM sizing for and IDM sizing for
information about EDM enterprise deployments. enterprise deployments.
and IDM sizing for
enterprise deployments.
Form Recognition profile size See article See article See article
TECH235074 at the TECH235074 at the TECH235074 at the
Symantec Support Symantec Support Symantec Support
Center for information Center for information Center for information
about Form Recognition about Form Recognition about Form Recognition
sizing. sizing. sizing.
Hardware requirements See Small organization See Small/medium See Large/very large
minimum hardware enterprise minimum enterprise minimum
requirements hardware requirements hardware requirements
on page 10. on page 10. on page 12.
For additional related information see also Symantec Data Loss Prevention Network
Monitor and Prevent Performance Sizing Guidelines, available at the Symantec
Support Center at http://www.symantec.com/docs/DOC8253.
Minimum system requirements for Symantec Data

Loss Prevention servers
All Symantec Data Loss Prevention servers must meet or exceed the minimum
hardware specifications and run on one of the supported operating systems.
See Small organization minimum hardware requirements on page 10.
See Small/medium enterprise minimum hardware requirements on page 10.
See Large/very large enterprise minimum hardware requirements on page 12.
See Operating system requirements for servers on page 14.
If the Oracle database for Symantec Data Loss Prevention is installed on a dedicated
computer (a three-tier deployment), that system must meet its own set of system
requirements.
See Oracle database requirements on page 24.
Small organization minimum hardware requirements

The following table provides the system requirements for branch office or small
organization Single Server deployments.
Table 2-2
Required for Single Server Installation
Processor 8-core 2.5 GHz CPU
Memory 64 GB RAM
Disk 3 TB, RAID 5 configuration (with a minimum of five

spindles)
NICs 1 copper or fiber 1 Gb Ethernet NIC (if you are using

Network Monitor you will need a minimum of two NICs)
Small/medium enterprise minimum hardware requirements

The following table provides the system requirements for small and medium-size
enterprise systems.
Table 2-3 Small/medium enterprise minimum system requirements
Required for Enforce Server Network Monitor Network Discover/Cloud

Storage Discover,
Network Prevent, Cloud
Prevent for Email, Mobile
Email Monitor, Mobile
Prevent, Endpoint
Prevent, or Classification
Server
Processor 4-core 3.0 GHz CPU 4-core 3.0 GHz CPU 4-core 3.0 GHz CPU
Table 2-3 Small/medium enterprise minimum system requirements (continued)
Required for Enforce Server Network Monitor Network Discover/Cloud

Storage Discover,
Prevent for Email, Mobile
Email Monitor, Mobile
Prevent, Endpoint
Prevent, or Classification
Server
Memory 810 GB RAM (EDM/IDM 68 GB RAM (EDM/IDM and 68 GB RAM (EDM/IDM and
and Form Recognition profile Form Recognition profile size Form Recognition profile size
size can increase memory can increase memory can increase memory
requirements. See article requirements. See the requirements. See the
TECH235074 at the Symantec Data Loss Symantec Data Loss
Symantec Support Center for Prevention Administration Prevention Administration
information about Form Guide for information about Guide for information about
Recognition sizing.) EDM and IDM sizing. See EDM and IDM sizing. See
article TECH235074 at the article TECH235074 at the
Two-tier deployments may
Symantec Support Center for Symantec Support Center for
require additional memory for
information about Form information about Form
running Oracle.
Recognition sizing.) Recognition sizing.)
Disk 500 GB, RAID 1+0 or RAID 140 GB 140 GB

5 configuration is
For Network Discover/Cloud
recommended. RAID 5 is not
Storage Discover
recommended for computers
deployments, approximately
that host the Oracle
150 MB of disk space is
database.
required to maintain
For Network Discover/Cloud incremental scan indexes.
Storage Discover This is based on an overhead
deployments, approximately of 5 MB per incremental scan
150 MB of disk space is target and 50 bytes per item
required to maintain in the target.
incremental scan indexes.
This is based on an overhead
of 5 MB per incremental scan
target and 50 bytes per item
in the target.
NICs 1 copper or fiber 1 Gb/100 1 copper or fiber 1 Gb/100 1 copper or fiber 1 Gb/100
Mb Ethernet NIC to Mb Ethernet NIC to Mb Ethernet NIC to
communicate with detection communicate with the communicate with the
servers. Enforce Server. Enforce Server.

Large/very large enterprise minimum hardware requirements

The following table provides the system requirements for large and very large
enterprise systems.
Table 2-4 Large/Very Large enterprise minimum system requirements
Required For Enforce Server Network Monitor Network Discover/Cloud

Storage Discover,
Prevent for Email,
Mobile Email Monitor,
Mobile Prevent,
Endpoint Prevent, or
Classification Server
Processor 8-core 3.0 GHz CPU 8-core 3.0 GHz CPU 8-core 3.0 GHz CPU
Memory 1018 GB RAM (EDM/IDM 816 GB RAM (EDM/IDM 816 GB RAM (EDM/IDM
and Form Recognition and Form Recognition and Form Recognition
profile size can increase profile size can increase profile size can increase
memory requirements. See memory requirements. See memory requirements. See
the Symantec Data Loss the Symantec Data Loss the Symantec Data Loss
Prevention Administration Prevention Administration Prevention Administration
Guide for information about Guide for information about Guide for information about
EDM and IDM sizing. EDM and IDM sizing. EDM and IDM sizing.
See article TECH235074 at See article TECH235074 at See article TECH235074 at

the Symantec Support the Symantec Support the Symantec Support
Center for information about Center for information about Center for information about
Form Recognition sizing. Form Recognition sizing. Form Recognition sizing.
Two-tier deployments
require additional memory
for running Oracle.
Table 2-4 Large/Very Large enterprise minimum system requirements

(continued)
Required For Enforce Server Network Monitor Network Discover/Cloud

Storage Discover,
Prevent for Email,
Mobile Email Monitor,
Mobile Prevent,
Endpoint Prevent, or
Classification Server
Disk Requirements 1 TB, RAID 1+0 or RAID 5 140 GB 140 GB

configuration is
For Network Discover/Cloud
recommended. RAID 5 is
Storage Discover
not recommended for
deployments, approximately
computers that host the
1 GB of disk space is
Oracle database.
required to maintain
For Network Discover/Cloud incremental scan indexes.
Storage Discover This is based on an
deployments, approximately overhead of 5 MB per
1 GB of disk space is incremental scan target and
required to maintain 50 bytes per item in the
incremental scan indexes. target.
This is based on an
overhead of 5 MB per
incremental scan target and
50 bytes per item in the
target.
NICs To communicate with To communicate with the To communicate with the

detection servers: Enforce Server: Enforce Server:
1 copper or fiber 1 Gb/100 1 copper or fiber 1 Gb/100 1 copper or fiber 1 Gb/100

Mb Ethernet NIC Mb Ethernet Mb Ethernet NIC
For network traffic

monitoring (pick one):
1 copper or fiber 1 Gb/100

Mb Ethernet NIC.
High-speed packet capture n/a See High-speed packet n/a

cards capture cards on page 39.

Operating system requirements for servers

Symantec Data Loss Prevention servers can be installed on a supported Linux or
Windows operating system. Different operating systems can be used for different
servers in a heterogeneous environment. (The Classification detection server, used
with the Enterprise Vault Data Classification Services, is not supported on Linux
operating systems.)
Note: If you are using Windows Server 2012 R2, you must install two patches. See
Installing patches for Windows Server 2012 R2 on page 16.
Symantec Data Loss Prevention supports the following 64-bit operating systems
for Enforce Server and detection server computers:
Microsoft Windows Server 2008 R2 SP1, Enterprise Edition
Microsoft Windows Server 2008 R2 SP1, Standard Edition
Microsoft Windows Server 2012, Datacenter Edition
Microsoft Windows Server 2012, Standard Edition
Microsoft Windows Server 2012 R2, Datacenter Edition with patch. See Installing
patches for Windows Server 2012 R2 on page 16.
Microsoft Windows Server 2012 R2, Standard Edition with patch. See Installing
Microsoft Windows Server 2016, Standard Edition, Installing the Oracle database
on Windows Server 2016 is not supported.
Microsoft Windows Server 2016, Datacenter Edition. Installing the Oracle
database on Windows Server 2016 is not supported.
Red Hat Enterprise Linux 6.6 through 6.8
Red Hat Enterprise Linux 7.1 and 7.2
Operating system requirements for Single Server deployments

Symantec Data Loss Prevention supports the following 64-bit operating systems
for Single Server deployments:
Microsoft Windows Server 2008 R2 SP1, Enterprise Edition
Microsoft Windows Server 2008 R2 SP1, Standard Edition
Microsoft Windows Server 2012, Datacenter Edition
Microsoft Windows Server 2012, Standard Edition
Microsoft Windows Server 2016, Standard Edition. Installing the Oracle database
on Windows Server 2016 is not supported.
Microsoft Windows Server 2016, Datacenter Edition Installing the Oracle
database on Windows Server 2016 is not supported.
Red Hat Enterprise Linux 6.6 through 6.8
Red Hat Enterprise Linux 7.1 and 7.2
Note: Installing the Oracle database on Windows 2016 is not supported.
English language and localized versions of both Linux and Windows operating
systems are supported.
See Supported languages for detection on page 21.
See also the Symantec Data Loss Prevention Administration Guide for detailed
information about supported languages and character sets. You can find the
Symantec Data Loss Prevention Administration Guide at the Symantec Support
Center here: http://www.symantec.com/docs/DOC9261.
Operating system requirements for the domain controller agent

The domain controller agent enables you to resolve user names from IPv4 addresses
in HTTP/S and FTP incidents. See the Symantec Data Loss Prevention Installation
Guide for domain controller agent installation details.
Symantec Data Loss Prevention supports the following operating systems for the
domain controller agent:
Microsoft Windows Server 2008 R2, Enterprise Edition (64-bit)
Microsoft Windows Server 2008 R2, Standard Edition (64-bit)
Microsoft Windows Server 2008 R2 SP1, Enterprise Edition (64-bit)
Microsoft Windows Server 2008 R2 SP1, Standard Edition (64-bit)
Microsoft Windows Server 2012, Datacenter Edition (64-bit)
Microsoft Windows Server 2012, Standard Edition (64-bit)
Installing patches for Windows Server 2012 R2

If you use Windows Server 2012 R2, you must install two Microsoft patches,
KB2919355 and KB2919442.
To find out if patch KB2919355 is installed:

1. Go to Windows System and Security.
2. Click View install updates in the Windows upgrade section.
3. Confirm that patch 2919355 is installed.
If the patch is not installed, complete the following steps:

1. Go to
https://support.microsoft.com/en-us/kb/2919355
and install KB2919355.
2. Go to
https://support.microsoft.com/en-us/kb/2919442
and install KB2919442.
Linux partition guidelines

Minimum free space requirements for Linux partitions vary according to the specific
details of your Symantec Data Loss Prevention installation. The table below provides
general guidelines that should be adapted to your installation as circumstances
warrant. Symantec recommends using separate partitions for the different file
systems, as indicated in the table. If you combine multiple file systems onto fewer
partitions, or onto a single root partition, make sure the partition has enough free
space to hold the combined sizes of the file systems listed in the table.
Note: Partition size guidelines for detection servers are similar to those for Enforce
Server without an Oracle database.
See Table 2-6 on page 17.
Table 2-5 Linux partition minimum size guidelinesEnforce Server with Oracle
database
Partition Minimum free space Description and comments
/home 6 GB Store the Oracle installation tools, Oracle

installation ZIP files, and Oracle critical patch
update (CPU) files in /home.
/tmp 1.2 GB The Oracle installer and installation tools require

space in this directory.
/opt 500 GB for Small/Medium installations Contains installed programs such as Symantec
Data Loss Prevention, the Oracle server, and
1 TB for Large/Very Large installations
the Oracle database. The Oracle database
requires significant space in this directory. For
improved performance, you may want to mount
this partition on different disks/SAN/RAID from
where the root partition is mounted.
/var 15 GB for Small/Medium installations Contains logs, EDM/IDM indexes, Form

Recognition indexes, incremental scan indexes,
46 GB for Large/Very Large installations
and network packet capture directories.
Note: The /var/spool/pcap and
/var/SymantecDLP/drop_pcap directories
must reside on the same partition or mount
point.
/boot 100 MB This must be in its own ext2 or ext3 partition,

not part of soft RAID (hardware RAID is
supported).
swap Equal to RAM If you need to have the memory dump in case
of system crash (for debugging), you may want
to increase these amounts.
Table 2-6 Linux partition minimum size guidelinesEnforce Server without

a database, or detection server
Partition Minimum size guidelines Description and comments
/opt 10 GB Contains installed programs such as Symantec

Data Loss Prevention and the Oracle client.
Table 2-6 Linux partition minimum size guidelinesEnforce Server without

a database, or detection server (continued)
Partition Minimum size guidelines Description and comments
/var 15 GB for Small/Medium installations Contains logs, EDM/IDM indexes, Form

Recognition indexes, incremental scan indexes,
46 GB for Large/Very Large installations
and network packet capture directories.
Note: The /var/spool/pcap and
/var/SymantecDLP/drop_pcap directories
must reside on the same partition or mount
point.
/boot 100 MB This must be in its own ext2 or ext3 partition,

not part of soft RAID (hardware RAID is
supported).
swap Equal to RAM If you need to have the memory dump in case
of system crash (for debugging), you may want
to increase these amounts.
Endpoint computer requirements for the Symantec

DLP Agent
If you install Endpoint Prevent, the endpoint computers on which you install the
Symantec DLP Agent must meet the requirements that are described in the following
sections.
See Operating system requirements for endpoint systems on page 18.
See Memory and disk space requirements for the Symantec DLP Agent
on page 19.
Operating system requirements for endpoint systems

Symantec DLP Agents can be installed on computers running any of the following
operating systems:
Microsoft Windows Server 2008 Enterprise or Standard Editions R2 (64-bit)
Microsoft Windows Server 2012 R2 Datacenter, Standard, Essential, or
Foundation Editions (64-bit, Desktop mode only)
Microsoft Windows 7 Enterprise, Professional, or Ultimate, including Service
Pack 1 (32-bit or 64-bit)
Microsoft Windows 8 Enterprise 64-bit PC operating system
Microsoft Windows 8.1 Enterprise, Pro 64-bit PC operating system

Microsoft Windows 8.1 Update 1x Enterprise, Pro 64-bit PC operating system
Microsoft Windows 8.1 Update 2 Enterprise, Pro 64-bit PC operating system
Microsoft Windows 8.1 Update 3 Enterprise, Pro 64-bit PC operating system
Microsoft Windows 10 Update 1511 Enterprise, Pro 64-bit PC operating system
Microsoft Windows 10 Anniversary Update Enterprise, Pro 64-bit PC operating
system
Note: Windows Store (Metro UI) apps are only supported on Windows 10
endpoints.
Apple macOS 10.9 (64-bit)

Symantec DLP Agents can also be installed on supported localized versions of
these Windows and Mac OS operating systems.
See Supported languages for detection on page 21.
See also the Symantec Data Loss Prevention Administration Guide for detailed
information about supported languages and character sets.
See About Endpoint Data Loss Prevention compatibility on page 47.
Memory and disk space requirements for the Symantec DLP Agent
The Symantec DLP Agent software reserves a minimum of 25 MB to 30 MB of
memory on the Endpoint computer, depending on the actual version of the software.
The DLP Agent software temporarily consumes additional memory while it detects
content or communicates with the Endpoint Prevent server. After these tasks are
complete, the memory usage returns to the previous minimum.
The initial Symantec DLP Agent installation consumes approximately 70 MB to 80
MB of hard disk space. The actual minimum amount depends on the size and
number of policies that you deploy to the endpoint computer. Additional disk space
is then required to temporarily store incident data on the endpoint computer until
the Symantec DLP Agent sends that data to the Endpoint Prevent server. If the
endpoint computer cannot connect to the Endpoint Prevent server for an extended
period of time, the Symantec DLP Agent will continue to consume additional disk
Symantec Data Loss Prevention for Mobile requirements
space as new incidents are created. The disk space is freed only after the agent
software reconnects to the Endpoint Prevent server and transfers the stored
incidents.
Symantec Data Loss Prevention for Mobile

requirements
Note: Mobile Prevent is deprecated in Symantec Data Loss Prevention 14.6 and
no compatibility tests were performed for this release.
The following table contains requirements you need to set up Symantec Data Loss
Prevention for Mobile (Mobile Prevent). If there are multiple options available for a
requirement, each option is listed.
Note: The Symantec Data Loss Prevention Mobile Prevent for Web detection server
is not supported in a virtual or hosted environment, or on Single Server installations.
For system requirements for Mobile Prevent detection servers:

Table 2-7 Mobile Prevent requirements
Requirement Description
Supported iPhone 6
devices
Operating iOS for iPhone: 8

systems
ActiveSync (Required only for detection of corporate email) Microsoft Exchange 2010
with ActiveSync
Web proxy Blue Coat Proxy SG version 5.5.3.1, 6.2.12.1, and 6.5.x for Mobile Prevent,
or for Mobile Prevent deployed with Network Prevent for Web
Note: Your proxy server must not use network address translation (NAT)
where it is located in your infrastructure.
Table 2-7 Mobile Prevent requirements (continued)
Requirement Description
VPN server Cisco ASA series

Cisco AnyConnect
Juniper SA series

Symantec Data Loss Prevention supports a large number of languages for detection.
Policies can be defined that accurately detect and report on the violations that are
found in content in these languages.
Table 2-8 Languages supported by Symantec Data Loss Prevention
Language Version 11.x Version 12.x Version 14.x Version 14.6
Arabic Yes Yes Yes Yes
Brazilian Portuguese Yes Yes Yes Yes
Chinese (traditional) Yes Yes Yes Yes
Chinese (simplified) Yes Yes Yes Yes
Czech Yes Yes Yes Yes
Danish Yes Yes Yes Yes
Dutch Yes Yes Yes Yes
English Yes Yes Yes Yes
Finnish Yes Yes Yes Yes
French Yes Yes Yes Yes
German Yes Yes Yes Yes
Greek Yes Yes Yes Yes
Hebrew Yes Yes Yes Yes
Hungarian Yes Yes Yes Yes
Italian Yes Yes Yes Yes
Japanese Yes Yes Yes Yes

Table 2-8 Languages supported by Symantec Data Loss Prevention

(continued)
Language Version 11.x Version 12.x Version 14.x Version 14.6
Korean Yes Yes Yes Yes
Norwegian Yes Yes Yes Yes
Polish Yes Yes Yes Yes
Portuguese Yes Yes Yes Yes
Romanian Yes Yes Yes Yes
Russian Yes Yes Yes Yes
Spanish Yes Yes Yes Yes
Swedish Yes Yes Yes Yes
Turkish Yes* Yes* Yes* Yes*
*Symantec Data Loss Prevention cannot be installed on a Windows operating

system that is localized for the Turkish language, and you cannot choose Turkish
as an alternate locale.
For additional information about specific languages, see the Symantec Data Loss
Prevention Release Notes.
A number of capabilities are not implied by this support:
Technical support provided in a non-English language. Because Symantec Data
Loss Prevention supports a particular language does not imply that technical
support is delivered in that language.
Localized administrative user interface (UI) and documentation. Support for a
language does not imply that the UI or product documentation has been localized
into that language. However, even without a localized UI, user-defined portions
of the UI such as pop-up notification messages on the endpoint can still be
localized into any language by entering the appropriate text in the UI.
Localized content. Keywords are used in a number of areas of the product,
including policy templates and data identifiers. Support for a language does not
imply that these keywords have been translated into that language. Users may,
however, add keywords in the new language through the Enforce Server
administration console.
New file types, protocols, applications, or encodings. Support for a language
does not imply support for any new file types, protocols, applications, or
encodings that may be prevalent in that language or region other than what is
already supported in the product.
Language-specific normalization. An example of normalization is to treat accented
and unaccented versions of a character as the same. The product already
performs a number of normalizations, including standard Unicode normalization
that should cover the vast majority of cases. However, it does not mean that all
potential normalizations are included.
Region-specific normalization and validation. An example of this is the awareness
that the product has of the format of North American phone numbers, which
allows it to treat different versions of a number as the same, and to identify
invalid numbers in EDM source files. Support for a language does not imply this
kind of functionality for that language or region.
Items in these excluded categories are tracked as individual product enhancements
on a language- or region-specific basis. Contact Symantec Technical Support for
additional information on language-related enhancements or plans for the languages
not listed.

You can install any of the available language packs for your Symantec Data Loss
Prevention deployment. Language packs provide a limited set of non-English
languages for the Enforce Server administration console user interface and online
Help. Note that these language packs are only needed to provide a translated user
interface and online Help; they are not needed for data detection. Language packs
also contain translated versions of selected Symantec Data Loss Prevention
documentation.
As they become available, language packs for Symantec Data Loss Prevention are
distributed along with the software products they support. You can also download
and add a language pack to an installation. Language packs do not require any
additional purchase or license. Consult the Symantec Data Loss Prevention
Administration Guide for details on how to add and enable a language pack.
Language packs are distributed in the Symantec_DLP_14.6_Lang_Pack-ML.zip file
on the Symantec FileConnect website. When you extract the contents of the ZIP
file, the individual language pack files have names in the form:
Symantec_DLP_14.6_Lang_Pack_<language>.zip
Language packs are available for the following languages:
Language Locale code
Brazilian Portuguese PT_BR

Language Locale code
Chinese (Simplified) ZH_CN
Chinese (Traditional) ZH_TW
French FR_FR
German DE_DE
Italian IT_IT
Japanese JA_JP
Korean KO_KR
Mexican Spanish ES_MX
Russian RU_RU
Note: Not all language packs are available when a product is first released.

Symantec Data Loss Prevention requires Oracle 11g Standard Edition (or Standard
Edition One) version 11.2.0.4 (64-bit) with the most recent Critical Patch Update.
Symantec provides Oracle 11g with Data Loss Prevention. Symantec only supports
the Standard Edition and the Standard Edition One of the Oracle database, but the
Symantec Data Loss Prevention database schema is supported on all editions of
Oracle.
Note: Symantec has qualified Data Loss Prevention 14.6 to work with Oracle
Database Enterprise Edition 12c. This configuration is supported for new and
upgraded installations of Data Loss Prevention 14.6.
You must obtain the Oracle Database Enterprise Edition 12c software and license
directly from Oracle. You must also obtain support for the Oracle software directly
from Oracle.
To use Data Loss Prevention with Oracle Database Enterprise Edition 12c, you
must configure the Oracle database appropriately. For details, see the Symantec
Support Center article at http://www.symantec.com/docs/DOC9260.
Symantec Data Loss Prevention requires the Oracle database to use the AL32UTF8
character set. If your database is configured for a different character set, the installer
notifies you and cancels the installation.
You can install Oracle on a dedicated server (a three-tier deployment) or on the
same computer as the Enforce Server (a two-tier or single-tier deployment):
Three-tier deployment.
System requirements for a dedicated Oracle server are listed below. Note that
dedicated Oracle server deployments also require that you install the Oracle
11g Client on the Enforce Server computer to communicate with the remote
Oracle 11g instance.
Single- and two-tier deployments.
When installed on the Enforce Server computer, the Oracle system requirements
are the same as those of the Enforce Server.
See Small organization minimum hardware requirements on page 10.
If you install Oracle 11g on a dedicated server, that computer must meet the following
minimum system requirements for Symantec Data Loss Prevention:
One of the following operating systems:
Microsoft Windows Server 2008 R2 Standard or Enterprise (64-bit)
Microsoft Windows Server 2008 R2 SP1 Standard or Enterprise (64-bit)
Microsoft Windows Server 2012 R2 Standard, Enterprise, or Datacenter
(64-bit)
Red Hat Enterprise Linux 6.6 through 6.8 (64-bit)
Red Hat Enterprise Linux 7.1 and 7.2 (64-bit)
6 GB of RAM
6 GB of swap space (equal to RAM up to 16 GB)
500 GB 1 TB of disk space for the Enforce database
On a Linux system, if the Oracle database is on the same computer as the Enforce
Server, then the /opt file system must have at least 500 GB of free space for small
or medium installations. 1 TB of free space is required for large or very large
installations. If Oracle is installed on a different computer from the Enforce Server,
then the /opt file system must have at least 10 GB of free space, and the /boot
file system must have at least 100 MB of free space.
The exact amount of disk space that is required for the Enforce database depends
on variables such as:
Browser requirements for accessing the Enforce Server administration console
The number of policies you plan to initially deploy

The number of policies you plan to add over time
The number and size of attachments you want to store (if you decide to store
attachments with related incidents)
The length of time you intend to store incidents
See the Symantec Data Loss Prevention Administration Guide for more information
about developing policies.
See the Symantec Data Loss Prevention Oracle Installation and Upgrade Guide
for more Oracle installation information.
Browser requirements for accessing the Enforce

Server administration console
You can access the Enforce Server administration console using any of the following
browsers:
Microsoft Internet Explorer 10 or 11
Mozilla Firefox 44 and 49, and Firefox Enterprise (ESR) 45, 45.4 and 49.
Adobe Flash Player 21 is required to view the folder risk report for Network
Discover/Cloud Storage Discover (Incidents > Discover > Folder Risk Report).
Requirements for using certificate authentication for

single sign-on
Certificate authentication enables a user to automatically log on to the Enforce
Server administration console using a client certificate that is generated by your
public key infrastructure (PKI). To use certificate authentication, your PKI must
deliver an X.509-compliant client certificate to the Tomcat container when a user
accesses the Enforce Server administration console URL. The client certificate
must contain a unique CN value that maps to an active user account in the Enforce
Server configuration.
The client certificate must be delivered to the Enforce Server when a client's browser
performs the SSL handshake with the Enforce Server administration console. For
example, you might use a smart card reader and middleware with your browser to
automatically present a certificate to the Enforce Server. Or, you might obtain an
X.509 certificate from a certificate authority and upload the certificate to a browser
that is configured to send the certificate to the Enforce Server.
Symantec Data Loss Prevention supports two mechanisms for checking whether
a client certificate has been revoked: Online Certificate Status Protocol (OCSP)
and Certificate Revocation Lists (CRLs). Symantec Data Loss Prevention can
operate with an RFC 2560-compliant OCSP responder. If the OCSP responder
cannot be reached, Symantec Data Loss Prevention will perform CRL validation
using the method described in section 6.3 of RFC 3280. To use CRL validation,
each client certificate must include the HTTP URL of a CRL distribution point
(CRLDP). Symantec Data Loss Prevention extracts the HTTP URL from the CRL
distribution point extension to the X.509 certificate. Note, however, that Symantec
Data Loss Prevention cannot use LDAP URLs that are embedded in the CRL
distribution point extension.
For more information about configuring certificate authentication and certificate
revocation checks, see the Symantec Data Loss Prevention Administration Guide.

Symantec supports running Symantec Data Loss Prevention servers on VMware
ESXi 5.x, VMware ESXi 6.x, and Windows Hyper-V virtualization products, provided
that the virtualization environment is running a supported operating system.
See Operating system requirements for servers on page 14.
At a minimum, ensure that each virtual server environment matches the system
requirements for servers described in this document.
See Minimum system requirements for Symantec Data Loss Prevention servers
on page 9.
Consider the following support information when configuring a virtual server
environment:
Endpoint Prevent servers are supported only for configurations that do not
exceed the recommended number of connected agents.
Symantec does not support running the Oracle database server on VMware
ESXi 5.x, VMware ESXi 5.x, and VMware ESX 6.x virtual hardware. If you deploy
the Enforce Server to a virtual machine, you must install the Oracle database
using physical server hardware.
Symantec supports running the Enforce Server and Oracle database server in
a Windows Hyper-V environment.
Symantec does not support running the Network Monitor or Mobile Prevent for
Web detection servers on virtual machines.
Symantec does not support Single Server installations on virtual machines.
A variety of factors influence virtual machine performance, including the number of

CPUs, the amount of dedicated RAM, and the resource reservations for CPU cycles
and RAM. The virtualization overhead and guest operating system overhead can
lead to a performance degradation in throughput for large datasets compared to a
system running on physical hardware. Use your own test results as a basis for
sizing deployments to virtual machines.
See the Symantec Data Loss Prevention Network Monitor and Prevent Performance
Sizing Guidelines, available at the Symantec Support Center at
http://www.symantec.com/docs/DOC8253, for additional information about running
Network Prevent servers on virtual machines.
Virtual desktop and virtual application support with

Endpoint Prevent
You can deploy the DLP Agent on Citrix and VMware virtual machines.
Citrix virtualization support

Citrix XenDesktop and Citrix XenApp provide virtual Windows desktops and Windows
applications to clients of the Citrix servers. Symantec supports deploying the
Symantec DLP Agent software directly on Citrix XenApp application servers or
Citrix XenDesktop virtual machines to prevent clients from extracting confidential
data from Citrix published applications or desktops to the client computer. Symantec
Data Loss Prevention provides this functionality by monitoring volumes, print/fax
requests, clipboards, and network activity on the Citrix server to detect when
confidential data would be sent to a client computer. A Symantec DLP Agent does
not need to be installed on each individual Citrix client to support this functionality.
A single Symantec DLP Agent monitors all of the Citrix clients. All Citrix clients that
are protected by the agent monitor need to have a valid Endpoint Prevent license.
The license is required whether a Symantec DLP Agent is installed on the client or
not.
Note: All incidents that are generated on Citrix drives by the Symantec DLP Agent
software appear as Removable Storage Device incidents. In the Enforce Server
administration console, you cannot deselect the Removable Storage event for
Citrix drives because this event is always monitored by agents that are deployed
to Citrix servers.
The following Citrix products are supported, with the indicated limitations:
Table 2-9 Citrix virtualization support and limitations
Supported Citrix products Limitations
Citrix XenApp 6.5 on Windows Server 2008 Performance and deployment:

Enterprise Edition R2 (64-bit)
You must install the Symantec DLP Agent software on each
Citrix XenApp 7.6 on Windows Server 2008 XenApp server host, and on any individual application servers that
Enterprise Edition R2 (64-bit) and Windows publish applications through XenApp.
Server 2012 R2 Standard Edition
All detection on Citrix XenApp is performed in a single thread (all
Citrix XenApp 7.9 on Windows Server 2008 user activities are analyzed sequentially).
Enterprise Edition R2 (64-bit) and Windows
Symantec tests indicate that the Symantec DLP Agent software
Server 2012 R2 Standard Edition
can support a maximum of 40 simultaneous clients per Citrix server.
However, detection performance varies depending on the server
hardware, the type of applications that are used, and the activities
that Citrix clients perform. You must verify the Symantec DLP Agent
performance characteristics for your environment.
The Symantec DLP Agent software should connect to an Endpoint
Prevent server that is reserved for Citrix agents. Using the same
Endpoint Prevent server for non-Citrix agents limits the functionality
of those agents, because you must disable Local Drive and
CD/DVD monitoring for the server as a whole.
See Virtual desktop and virtual application support with Endpoint
Prevent on page 28.
When you use the Enforce Server administration console to
configure endpoint events to monitor, you must deselect CD/DVD
and Local Drive events for XenApp agents. These items are present
on the server configuration page, but they are not supported for
Citrix XenApp.
Endpoint Prevent features:
If XenApp streams an application directly to an endpoint computer,

the Symantec DLP Agent that is deployed to XenApp server cannot
monitor the streamed application.
Instant messenger events (MSN IM, Yahoo IM, and AIM) have not
been tested and are not supported.
IP addresses in Data Loss Prevention incident snapshots contain
the IP address of the XenApp server, and not a Citrix client.
If the Symantec DLP Agent software blocks an attempted copy to
a client drive, it does not provide an option to restore or recover
the file at a later time.
Table 2-9 Citrix virtualization support and limitations (continued)
Supported Citrix products Limitations
Citrix XenDesktop 5.6 on Windows 7 SP1 Performance and deployment:

(32-bit or 64-bit)
You must install the Symantec DLP Agent software on each virtual
Citrix XenDesktop 7.6 on Windows 7 SP1 machine on the XenDesktop server.
(32-bit or 64-bit)
The Symantec DLP Agent software can connect either to a
Citrix XenDesktop 7.9 on Windows 7 SP1 dedicated Endpoint Prevent server or to an Endpoint Prevent server
(32-bit or 64-bit), Windows 8.0, 8.1, and that is shared with non-Citrix agents. You cannot connect to an
Windows 10 (64-bit) Endpoint Prevent server that is reserved for Citrix XenApp. Note
that if you use the same server for both Citrix and non-Citrix agents,
you cannot configure events independently for each environment.
Endpoint Prevent features:
Instant messenger events (MSN IM, Yahoo IM, and AIM) have not
been tested and are not supported.
IP addresses in Data Loss Prevention incident snapshots contain
the IP address of the XenDesktop virtual machine, and not a Citrix
client.
If the Symantec DLP Agent software blocks an attempted copy to
a client drive, it does not provide an option to restore or recover
the file at a later time.
Detection server restriction for Symantec DLP Agents on Citrix

XenApp
Symantec does not recommend using a single Endpoint Prevent detection server
with both physical endpoint computers and Citrix XenApp servers. When you use
the Enforce Server administration console to configure endpoint events to monitor,
you must deselect CD/DVD and Local Drive events for Citrix XenApp agents. (These
items are present on the server configuration page, but they are not supported for
Citrix XenApp.) Using the same Endpoint Prevent Server for non-Citrix agents limits
the functionality of those agents, because you must disable Local Drive and CD/DVD
events for the server as a whole.
To support Symantec DLP Agent software on both Citrix XenApp servers and
physical endpoint computers, Symantec recommends that you deploy two Endpoint
Prevent detection servers and ensure that each server is reserved for either Citrix
XenApp agents or physical endpoint agent installations.
VMware virtualization support

Symantec supports running the Symantec DLP Agent software on virtual
workstations using one of the following:
VMware Workstation 6.5.x
VMware View 4.6

VMware Horizon View 6.0.1 and 6.2.1
VMware Fusion 7 (Mac OS)
Hyper-V and Hyper-V (WS 2012 R2)
Third-party software requirements and

recommendations
Symantec Data Loss Prevention requires certain third-party software. Other
third-party software is recommended. See:
Table 2-10 for required software
Table 2-11 for required Linux RPMs
Table 2-12 for recommended software
Table 2-10 Required third-party software
Software Required for Description
Adobe Reader All systems Adobe Reader is required for reading

the Symantec Data Loss Prevention
documentation.
Download from Adobe.
Apache Tomcat version 7.0.70 Enforce Server Required to support the reporting
system.
The correct version of Tomcat is

automatically installed on the Enforce
Server by the Symantec DLP Installation
Wizard and does not need to be
obtained or installed separately.
Java Runtime Environment (JRE) All servers The Symantec DLP Installation Wizard
1.8.0.77 automatically installs the correct JRE
version.
Flex SDK 4.6 Network Discover/Cloud Storage Required SDK for Folder Risk Reporting.
Discover Server
Napatech driver version 4.22c Napatech NT4E high-speed packet Provides high-speed monitoring.
(Windows Server 2008 R2 only), capture card
Napatech cards are not supported on
4.22 a, 4.26a, and 4.26c (Linux and
Single Server installations.
Windows)
Table 2-10 Required third-party software (continued)
Software Required for Description
WinPcap 4.1.3 Required for Windows-based Network Windows packet capture library.
Monitor Server. WinPcap 4.1.3 is
Download from winpcap.org.
required for Microsoft Windows Server
2012.
Recommended for all Windows-based

detection servers.
Endace card driver 5.3.1 Detection servers equipped with an Endace cards are not supported on
Endace network measurement card. Single Server installations.
Download from Endace.
See Small/medium enterprise minimum

hardware requirements on page 10.
VMware Required to run supported components Virtualization software.

in a virtualized environment.
Download from VMware.
See Virtual server support on page 27.
Microsoft Active Directory 2003, Required versions for connecting to Provides directory services for Windows
2008 R2, 2012, or 2012 R2 Active Directory. domain networks.
In addition to the Linux Minimal Installation, Linux-based Symantec Data Loss

Prevention servers require the Red Hat Package Managers (RPM) listed in
Table 2-11.
Table 2-11 Required Linux RPMs
Linux-based servers Required RPMs
Enforce Server apr

apr-util
Oracle server
binutils
compat-libstdc++-33
expat
libicu
Xorg-x11*
*Required only for graphical installation.

Console-mode installation does not require an X
server.
Table 2-11 Required Linux RPMs (continued)
Linux-based servers Required RPMs
Network Monitor Server apr

apr-util
compat-libstdc++-33
expat
libicu
Xorg-X11*
*Required only for graphical installation.

Console-mode installation does not require an X
server.
Red Hat Enterprise Linux versions 6.6 has these additional dependencies:
compat-openldap
compat-expat1
compat-db43
openssl098e
Red Hat Enterprise Linux version 7 has these additional 64-bit only package
dependencies:
compat-openldap-1:2.3.43-5.el7
compat-db47-4.7.25-28.e17
libpng12
compat-libtiff3
Note: SeLinux must be disabled on all Linux-based servers.
Symantec recommends the third-party software listed in Table 2-12 for help with
configuring and troubleshooting your Symantec Data Loss Prevention deployment.
Table 2-12 Recommended third-party software
Software Location Description
Wireshark Any server computer Use Wireshark (formerly Ethereal) to verify that
the detection server NIC receives the correct traffic
from the SPAN port or tap. You can also use
Wireshark to diagnose network problems between
other servers.
Download the latest version from Wireshark.
dagsnap Network Monitor Server computers that Use in combination with Wireshark to verify that
use Endace cards the detection server Endace NIC receives the
correct traffic from the SPAN port or tap. Dagsnap
is included with Endace cards, and is not required
with non-Endace cards.
Sysinternals Suite Any Windows server computer Troubleshooting utilities. Recommended for
diagnosing problems on Windows server
computers.
Download the latest version from Microsoft.
LDAP browser Enforce Server An LDAP browser is recommended for configuring

or troubleshooting Active Directory or LDAP.
Chapter 3
Product compatibility
Environment compatibility and requirements for Network Prevent for Email
Proxy server compatibility with Network Prevent for Web
SSL monitoring
Secure ICAP support for Network Prevent for Web using the stunnel service
High-speed packet capture cards
Data Insight compatibility with Symantec Data Loss Prevention version 14.6
Enterprise Vault compatibility with Symantec Data Loss Prevention 14.6
Veritas Cluster Server compatibility
Integrations with other Symantec products
Network Discover/Cloud Storage Discover compatibility
About Endpoint Data Loss Prevention compatibility
Mobile Prevent compatibility
Mobile Email Monitor compatibility
Environment compatibility and requirements for

Network Prevent for Email
The Network Prevent for Email Server is compatible with a wide range of
enterprise-grade third-party SMTP-compliant MTAs and hosted email services.
Consult your MTA vendor or hosted email service for specific support questions.
Product compatibility 36
Network Prevent for Email Server can integrate with an MTA or hosted email service
that meets the following requirements:
The MTA or hosted email service must be capable of strict SMTP compliance.
It must be able to send and receive mail using only the following command
verbs: HELO (or EHLO), RCPT TO, MAIL FROM, QUIT, NOOP, and DATA.
When running the Network Prevent for Email Server in reflecting mode, the
upstream MTA must be able to route messages to the Network Prevent for Email
Server only once for each message.
You can use an SMTP-compliant MTA that routes outbound messages from your
internal mail infrastructure to the Network Prevent for Email Server. For reflecting
mode compatibility, the MTA must also be able to route messages that are returned
from the Network Prevent for Email Server out to their intended recipients.
Network Prevent for Email Server attempts to initiate a TLS connection with a
downstream MTA only when the upstream MTA issues the STARTTLS command.
The TLS connection succeeds only if the downstream MTA or hosted email service
supports TLS. It must also authenticate itself to the Network Prevent for Email
Server. Successful authentication requires that the appropriate keys and X509
certificates are available for each mail server in the proxied message chain.
See the Symantec Data Loss Prevention MTA Integration Guide for Network Prevent
for Email for information about configuring TLS support for Network Prevent for
Email servers operating in forwarding mode or reflecting mode.
Proxy server compatibility with Network Prevent for

Web
Network Prevent for Web Servers use a standard Internet Content Adaptation
Protocol (ICAP) interface and support many proxy servers. Table 3-1 indicates the
servers and the protocols.
Symantec Data Loss Prevention also supports secure ICAP (SICAP), using stunnel.
See Secure ICAP support for Network Prevent for Web using the stunnel service
on page 38.
Table 3-1 Network Prevent for Web supported proxy servers
Proxy Supported protocols Configuration information
A10 Thunder SSLi 4.1.0 and 4.3.1 ICAP, SICAP, HTTP, HTTPS A10 product documentation
Table 3-1 Network Prevent for Web supported proxy servers (continued)
Blue Coat ProxySG versions 6.5.x and ICAP, SICAP, HTTP, HTTPS, or FTP Blue Coat product documentation
6.6.x for Network Prevent for Web proxy
Blue Coat ProxySG versions 6.5.x and

6.6.x for Mobile Prevent
Cisco IronPort S-Series versions 7.1.x, ICAP, HTTP, HTTPS Cisco IronPort product documentation
7.5.x and 8.5.x
F5 BIG-IP System ICAP, HTTP, HTTPS See the "Using the F5 Proxy with
Symantec Data Loss Prevention
Network Prevent for Web" at the
Symantec Support Center at
http://www.symantec.com/docs/TECH235856
for information on integrating the F5

BIG-IP System with Network Prevent
for Web as an ICAP client-server
solution.
Fortinet FortiGate Next Generation ICAP, HTTP, HTTPS Fortinet FortiGate Next Generation
Firewalls, version 5.4.x Firewalls product documentation
McAfee Web Gateway (formerly ICAP, SICAP, HTTP, HTTPS, or FTP Secure Web documentation
Secure Computing Secure Web proxy (particularly the chapter that describes
Webwasher) versions 7.4.x, and 7.5.x setting up Secure Web with a DLP
Solution)
Squid Web Proxy version 3.3.x, and ICAP, HTTP, HTTPS See the Symantec Data Loss
3.5.x Prevention Integration Guide for Squid
Web Proxy
Symantec Web Gateway version 5.0, ICAP, HTTP, HTTPS See the Symantec Web Gateway
5.0.2.8, and 5.2.5 Implementation Guide
SSL monitoring
Table 3-1 Network Prevent for Web supported proxy servers (continued)
Websense Appliance V5000 and ICAP, HTTP, HTTPS Does not support redaction.
V10000, with Websense Web Security
Only supports "Block HTTP/HTTPS".
version 7.6.x
RESPMOD is not supported.
Websense blocks the traffic only when

the size of the Symantec Data Loss
Prevention rejection message (in the
response rule) is larger than 512
bytes. If the rejection message is less
than 512 bytes, an incident is
generated but the network traffic is not
blocked.
Zscaler Cloud ICAP, SICAP, HTTP, HTTPS See the Symantec Support Center
article "Integrating Zscaler Web
Security with Network Prevent for
Web" for information on how to install
and set up the integration.
SSL monitoring
Symantec has certified Network Prevent for Web to monitor the following SSL
appliances:
Blue Coat SSL Visibility Appliance
For details, see the article TECH231642 at the Symantec Support Center.
Palo Alto Networks Next-Generation Firewall
For details, see the article TECH234916 at the Symantec Support Center.
Secure ICAP support for Network Prevent for Web

using the stunnel service
Symantec has certified Network Prevent for Web to enable secure ICAP (SICAP)
communications with the A10 Thunder SSLi encryption platform, the Blue Coat
ProxySG server, the Zscaler Web Security Gateway service, and McAfee Web
Gateway.
For instructions on how to configure secure ICAP functionality with Network Prevent
for Web on both Linux and Windows servers, see the Symantec Support Center
article http://www.symantec.com/docs/TECH220170.

This topic describes the high-speed packed capture cards that are supported for
Network Prevent.
Table 3-2 Supported high-speed packet capture cards
Card Version Driver version
Endace DAG_7.5 G2/G4 (PCI-E) 5.3.1

Note: Endace cards for use with Data
Loss Prevention are supported on
Linux 64-bit systems only. Endace
cards are not supported on Single
Server installations.
Napatech (64-bit hardware only) NT4E 4.22c (Windows Server 2008 R2 only),
4.22a, 4.26a, and 4.26c (RHEL 6.x,
Note: Napatech cards are not
RHEL 7.x; Microsoft Windows Server
supported on Single Server
2008 R2, 2012, and 2012 R2)
installations.
Data Insight compatibility with Symantec Data Loss

Prevention version 14.6
Data Insight is a separately licensed option to Symantec Data Loss Prevention that
helps organizations solve the problem of identifying data owners and responsible
parties for information due to incomplete or inaccurate metadata or tracking
information. Data Insight provides a connection from the Enforce Server to a Data
Insight Management Server.
Table 3-3 Supported versions of Data Insight for Symantec Data Loss
Prevention
Data Insight DLP version 12.0 DLP version 12.5 DLP version 14.0 DLP version 14.5 DLP version 14.6
Version
2.0 Yes Yes No No No

Enterprise Vault compatibility with Symantec Data Loss Prevention 14.6
Table 3-3 Supported versions of Data Insight for Symantec Data Loss
Prevention (continued)
Data Insight DLP version 12.0 DLP version 12.5 DLP version 14.0 DLP version 14.5 DLP version 14.6
Version
3.0 RP1 Yes Yes No No No
3.0.1 Yes Yes No No No
3.0.1 RP1 Yes Yes No No No
3.0.1 RU1 Yes Yes No No No

RP4
4.5.1 No Yes No No No
4.5.2, 4.5.3 No Yes (12.5, 12.5.2) Yes No No
5.0 No Yes (12.5.2) Yes Yes No
5.1 No No Yes Yes No
5.1.1 No No No No Yes
Enterprise Vault compatibility with Symantec Data

Loss Prevention 14.6
Enterprise Vault is a separately licensed option to Symantec Data Loss Prevention
14.6.
Table 3-4
Enterprise Vault DLP 12 DLP 12.5 DLP 14 DLP 14.5 DLP 14.6
version
10 No No No No No
10.01 No No No No No
Table 3-4 (continued)
Enterprise Vault DLP 12 DLP 12.5 DLP 14 DLP 14.5 DLP 14.6
version
10.0.2, 10.0.3 Yes No No No No
10.0.4 No Yes No No No
11 No Yes No No No
Yes
11.0.1 No Yes Yes Yes No
12.0 No No No Yes Yes

Veritas Cluster Server (VCS) is a high-availability solution that provides failover
capabilities for the Symantec Data Loss Prevention Enforce Server and Oracle
database hosts. Symantec Data Loss Prevention version 14.6 supports VCS version
5.1 SP2 and 6.0 on Microsoft Windows 64-bit operating systems, and VCS version
5.1 and 6.0 on Linux 64-bit operating systems.

This section describes compatibility of various integrations of Symantec Data Loss
Prevention with other Symantec products.
Table 3-5 Symantec product compatibility with Symantec Data Loss Prevention
Symantec product Version Note DLP DLP DLP DLP version DLP version
version version version 14.5 14.6
12.0 12.5 14.0
Symantec PGP 2.63 Yes No No No No

Universal Gateway
Email
3.3.x Yes Yes Yes Yes No

(continued)
12.0 12.5 14.0
Symantec 7.5 No Yes No No No

Messaging Gateway
(SMG)
8200 and 8300

Series
8.0 No Yes No No No
10.0.1.2 Yes Yes Yes Yes No
10.0.2 Yes Yes Yes Yes No
10.5.0-8 Yes Yes Yes Yes No
10.5.3 No No Yes Yes No
Symantec Web 5.0, Yes Yes Yes Yes No

Gateway (SWG) 5.0.2.8
5.2.5 No No No Yes Yes
Symantec Mobile 7.1 SPI Yes Yes Yes Yes

Management (SMM)
7.2 Yes Yes Yes Yes
Symantec Endpoint 12.1, 12.1 For information Yes Yes Yes No

Protection RU4 about configuring
Symantec
Endpoint
Protection for
use with Network
Discover/Cloud
Storage Discover
and Network
Monitor, see the
Symantec Data
Loss Prevention
14.0 Release
Notes.
(continued)
12.0 12.5 14.0
Symantec Endpoint 12.1.5 No No No Yes Yes Yes

Protection
Symantec Endpoint 12.1.6 No No No No No Yes

Protection (12.1 RU6
MP6)
Network Discover/Cloud Storage Discover

compatibility
Network Discover/Cloud Storage Discover locates exposed confidential data by
scanning a broad range of enterprise data repositories such as: file servers,
databases, Microsoft SharePoint, Lotus Notes, Documentum, Livelink, Microsoft
Exchange, and Web servers.
See Supported file system targets on page 43.
See Supported IBM (Lotus) Notes targets on page 44.
See Supported SQL database targets on page 45.
See Supported SharePoint server targets on page 45.
See Supported Exchange Server targets on page 45.
See Supported file system scanner targets on page 46.
See Supported Documentum (scanner) targets on page 47.
See Supported OpenText (Livelink) scanner targets on page 47.
See Supported web server (scanner) targets on page 47.
Supported Box cloud storage targets

The Box target supports scanning of files and folders in enterprise Box cloud storage
accounts.
Supported file system targets

The File System target supports scanning of the following network file systems.
Supported file servers:

CIFS Servers only
Supported file shares:
CIFS on Windows Server 2008 R2, 2012, 2012 R2, and 2016
NFS on Red Hat Enterprise Linux 5.x, 6.x, and 7.x
DFS scanning on Windows 2008 R2, 2012, 2012 R2, and 2016.
Note: DFS is not supported with Network Protect.
In addition, the File System target supports scanning of the following file types:
Microsoft Outlook Personal Folders (.pst files) created with Outlook 2007, 2010,
2013, and 2016.
The Network Discover/Cloud Storage Discover Server scanning this target must
be running a Windows operating system, and Outlook 2007 or later must be
installed on that system.
File systems on UNIX systems, even if they are not exposed as CIFS or NFS
shares.
Use the SFTP protocol to provide a method similar to the scans of file shares.
You can also scan the local file system on a Linux Network Discover/Cloud
Storage Discover Server by listing the path name in the content root. For
example, you can enter /home/myfiles.
Supported IBM (Lotus) Notes targets

The IBM Notes (formerly known as Lotus Notes) target supports scanning of the
following versions:
Lotus Notes 7.0
Lotus Notes 8.0
Lotus Notes 8.5.x
IBM Notes 9.0.x
The files Notes.jar and NCSO.jar are in the Lotus Notes client installation directory.
The manifest version number of these files depend on the Domino server version.
Version 7 has a manifest version in the JAR file of 1.4.2
Supported SQL database targets

The following SQL Databases were tested with Network Discover/Cloud Storage
Discover Target scans:
Oracle 10g, 11g (11.2.x), and 12c (12.1.x) (the vendor_name is oracle)
SQL Server 2005 and 2014 (the vendor_name is sqlserver)
DB2 9 and 10.5 (the vendor_name is db2)
Contact Symantec Data Loss Prevention support for information about scanning
any other SQL databases.
Supported SharePoint server targets

The following SharePoint server targets are supported:
Microsoft Office SharePoint Server 2007
Microsoft Office SharePoint Server 2013 SP1
Microsoft Office SharePoint Online 2010 (Dedicated Mode)
Supported Exchange Server targets

Symantec Data Loss Prevention supports the following Exchange Server targets:
Microsoft Exchange Server 2007 SP2 or later
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016 (on-premises)
To use the Exchange Web Services connector, Exchange Web Services and the
Autodiscover Service must be enabled on your Exchange server and are accessible
to the Network Discover/Cloud Storage Discover server.
You can scan the data objects that are stored within Public Folders, such as:
Email messages
Message attachments
Microsoft Word documents
Excel spreadsheets
The Exchange scan also targets mail stored in Exchange 2007, 2010, 2013, and
2016 Personal Archives.
Supported file system scanner targets

The following remote Windows systems can be scanned:
Windows Server 2008 R2
Windows Server 2012 R2
Windows Server 2016
The following Linux file systems can be scanned:
Red Hat Enterprise Linux 5.x
Red Hat Enterprise Linux 6.x
The following AIX file systems can be scanned:
AIX 5.3
AIX 6.1
AIX 7.1
AIX requires the following C run time libraries, as well as Java 1.5 and Java 7 JRE:
xlC.aix50.rte (v8.0.0.0+)
xlC.rte (v8.0.0.0+)
The following 32-bit Solaris file systems can be scanned (64-bit systems are not
supported):
Solaris 9 (SPARC platform)
Solaris 10 (SPARC platform)
Solaris requires the following patch levels for the scanner:
Solaris 9, 115697-01
http://sunsolve.sun.com/search/document.do?assetkey=1-21-115697-02-1
File systems on UNIX systems can also be scanned using the SFTP protocol. This
protocol provides a method similar to share-based file scanning, instead of using
the File System Scanner. Contact Symantec Professional Services for details.
Supported Documentum (scanner) targets

The Documentum scanner supports scanning a Documentum Content Server 5.3.x
or 6.6.x repository.
Supported OpenText (Livelink) scanner targets

The Livelink scanner supports scanning of OpenText (Livelink) Server 9.x targets.
Supported web server (scanner) targets

The web server scanner supports scanning of a static HTTP web site.

Endpoint Data Loss Prevention is compatible with different operating systems and
software applications.
See Endpoint Data Loss Prevention supported operating systems on page 47.
See Endpoint Prevent supported applications on page 50.
Endpoint Data Loss Prevention supported operating systems

Endpoint Data Loss Prevention can operate on Endpoint systems that use the
following operating systems:
Table 3-6 Endpoint Data Loss Prevention supported Windows operating

systems
Operating Version DLP version DLP version DLP version DLP version DLP version
system 12.0 12.5 14.0 14.5 14.6
Windows XP SP2 Yes No No No No

Professional
(32-bit)
SP3 Yes No No No No
Windows 2003 SP1 Yes Yes No No No

Server
Windows 2003 SP2 R2 Yes Yes Yes No Yes

Server

systems (continued)
system 12.0 12.5 14.0 14.5 14.6
Windows 2008 R2 Yes Yes Yes Yes Yes

Server
Enterprise or
Standard
(64-bit)
Windows unpatched No No No No No
Vista
Enterprise
(32-bit)
SP1 Yes No No No No
SP2 Yes No No No No
Windows 7 SP1 Yes Yes Yes Yes Yes

Enterprise,
Professional,
Ultimate
(32-bit)
Windows 7 SP1 Yes Yes Yes Yes Yes

Enterprise,
Professional,
Ultimate
(64-bit)
Windows 8 N/A Yes (12.0.1 No No No No

Enterprise PC and later only)
operating
system
(32-bit)
Windows 8 N/A Yes (12.0.1 Yes Yes Yes Yes

Enterprise PC and later only)
operating
system
(64-bit)

systems (continued)
system 12.0 12.5 14.0 14.5 14.6
Windows 8.1 Unpatched Yes (12.0.1 Yes Yes Yes Yes

Enterprise, and later only)
Pro PC
operating
system
(64-bit)
Update 1 No Yes Yes Yes Yes
Windows 10 Unpatched No No Yes (14.0.1) Yes Yes

Enterprise,
Pro PC
operating
system
(64-bit)
Windows 10 No No No Yes Yes

Anniversary
Update
Table 3-7 Endpoint Data Loss Prevention supported Mac operating systems
system 12.0 12.5 14.0 14.5 14.6
Apple macOS No Yes Yes No No

10.8 (64-bit)
Apple macOS No Yes Yes Yes Yes

10.9 (64-bit)
Apple macOS No Yes Yes Yes Yes

10.10 (64-bit)
Apple macOS No No No Yes Yes

10.11 (64-bit)
Apple macOS No No No No Yes

10.12 (64-bit)
Endpoint Prevent supported applications

Table 3-8 describes individual applications that can be monitored using Endpoint
Prevent on Windows; Table 3-9 describes browsers that can be monitored using
Endpoint Prevent on Apple macOS.
Endpoint Prevent enables you to add monitoring support for other third-party
applications not listed in this table. An example of a third-party application is
Thunderbird. Any application that is not specifically monitored by Symantec Data
Loss Prevention must be configured for application monitoring before Symantec
Data Loss Prevention can detect content with those applications. Always test
individual third-party applications before you enable monitoring on a large number
of endpoints. Individual applications may need additional filtering settings to maintain
acceptable performance. See the Symantec Data Loss Prevention System
Administration Guide for more information about configuring and using application
monitoring.
Table 3-8 Applications supported by Endpoint Prevent on Windows
Feature Software Application DLP 12.0 DLP 12.5 DLP 14.0 DLP 14.5 DLP 14.6
versions
HTTP All browsers All Yes Yes Yes Yes Yes
Secure HTTP Internet Explorer 6.0 Yes Yes No No No

(HTTPS)
9.0 Yes Yes Yes Yes Yes

(12.0.1
and later)
Table 3-8 Applications supported by Endpoint Prevent on Windows (continued)
versions

(12.0.1 (Windows (Windows (Windows
and later 7 and 8.1 7, 8.1 7, 8.1
on Enterprise, Enterprise, Enterprise,
Windows and 10 10
8.1 Windows Enterprise, Enterprise,
Enterprise Server and and
only) 2012 R2, Windows Windows
Desktop Server Server 2012
mode only 2012 R2, R2,
and EPM Desktop Desktop
disabled) mode mode only
only and and EPM
EPM disabled)
disabled)
Edge N/A No No No No No
Firefox 2.0 Yes No No No No
3.0 Yes No No No No
3.5 Yes No No No No
3.6 Yes No No No No
4.0 Yes No No No No
5.0 Yes No No No No
(through
Application
Monitoring
[AFAC])
versions
23 through No Yes (33 Yes (35 Yes Yes 38-44 on

46.0.1 through through Windows
46.0.1 46.0.1 Agent.
supported and
with DLP through
Agent 47.0 on
version DLP
12.5.2 on Agent
Windows version
7, 8.1, and 14.0.2)
10; and
through
47.0 on
DLP Agent
version
12.5.3)
Google Chrome 38 through No No Yes (51 Yes 38-44, 51 -52

52 and 52 (Windows on Windows
supported 10 support Agent
on begins with
50-52 on
Windows 51)
macOS
10 with
Agent.
DLP
Agent
version
14.0.2)
Instant Yahoo Messenger 7.5 Yes Yes No No No

messaging
10.0 No Yes No No No
11.0 No Yes Yes No No
MSN Messenger 8.1 Yes No No No No
9.0 (14) Yes No No No No

versions
AIM 5.9 Yes Yes No No No
AIM Pro 1.4 Yes Yes No No No
Skype Yes
Email Outlook 2002 Yes No No No No
2003 Yes Yes No No No
2007 Yes Yes Yes No No
2010 Yes Yes (32- Yes (32- Yes (32- Yes (32- and
and 64-bit) and and 64-bit) 64-bit)
64-bit)
2011 macOS macOS Agent

Agent
2013 No Yes (32- Yes (32- Yes (32- Yes (32- and
and 64-bit) and and 64-bit) 64-bit)
64-bit)
2016 No No No Yes 32- and Yes: 32- and

64-bit 64-bitWindows
Windows and Mac.
Outlook Web 2007 No Yes Yes Yes

Access (rich and
light mode)
2010 No Yes Yes
2013 No Yes Yes

versions
Outlook.com No Yes Yes Yes
Eudora No No No No
Thunderbird No No No No
Lotus Notes 6.5 Yes No No No No
8.5.1 Yes Yes Yes No No
8.5.3 Yes Yes Yes Yes Yes
Lotus Notes (IBM 8.5.x Yes Yes Yes

Domino)
9.x Yes Yes Yes Yes, 9.0.1
FTP Yes Yes Yes Yes
CD/DVD BsClip Yes Yes Yes Yes
Bs Recorder Gold Yes Yes Yes Yes
BurnAware Yes Yes Yes Yes
Cheetah Burner Yes Yes Yes Yes
Command Burner Yes Yes Yes Yes
CopyToDVD Yes Yes Yes Yes
Creator10 Yes Yes Yes Yes
Deep Burner (32-bit Yes No No No

Windows XP)
GEAR for Windows Yes Yes Yes Yes
mkisofs Yes Yes Yes Yes
Nero Yes Yes Yes Yes

versions
NeroStartSmart Yes Yes Yes Yes
Roxio Yes Yes Yes Yes
Roxio RecordNow Yes Yes Yes Yes
Roxio5 Yes Yes Yes Yes
Roxio Mediahub Yes Yes Yes Yes
Silent Night Micro Yes Yes Yes Yes

Burner
Star Burn Yes Yes Yes Yes
Cloud Sync Box 4.0.6169 Yes Yes

Applications
Dropbox 3.2.9, Yes, Yes 3.2.9,

3.2.9 6.4.14,
6.4.14,
12.4.22,
12.4.22, 13.4.21,14.4.19
13.4.21, (desktop
14.4.19 client 14.5
(desktop MP1)
client 14.5
MP1)
Microsoft OneDrive 15.0.4675.1003 Yes Yes, and

for Win 8.1 OneDrive
(default) Personal
17.3.4726.0226 and
and OneDrive
17.3.6517.0809 for
for Win 7 Business
x86/x64 17.3.6390.0509,
(desktop 17.3.6517.0809
client)
Hightail 2.4.7.1621 Yes Yes

versions
Google Drive 1.20.8672.3137, Yes, Yes,

1.30.2170.049, 1.20.8672.3137 1.20.8672.3137,
1.32.3592.6117 1.30.2170.049,
1.32.3592.6117
Apple iCloud 4.0.3.56, Yes Yes

4.0.5.20
Miscellaneous Adobe Reader Yes Yes
Apple iTunes Yes Yes
Click-to-Run Microsoft No Yes

Professional
2013
Roxio_Central Yes Yes
WebEx Yes Yes

Communications
Module
Table 3-9 Applications supported by Endpoint Prevent on Apple macOS
Feature Software Software DLP 12.0 DLP 12.5 DLP 14.0 DLP 14.5 DLP 14.6
Version
Secure HTTP Firefox 36.0.4, No No Yes Yes Yes

(HTTPS) ESR 31.X
No No No Yes (49 and Yes 38 ESR,

50 45 ESR,
supported 45.1.1 ESR,
on DLP and 46.0.1
Agents, ESR on
version 14.5 macOS Agent
MP1)
Yes 45.4.0
and 49.0.2
ESR on
macOS
Agent.
Table 3-9 Applications supported by Endpoint Prevent on Apple macOS

(continued)
Feature Software Software DLP 12.0 DLP 12.5 DLP 14.0 DLP 14.5 DLP 14.6
Version
Safari 6.0.x, No No Yes No No

7.0.x.,
and 8.0.x
9.1 No No No Yes (on Yes

macOS
10.11)
10.0 No No No Yes (for Yes 10.0.1

DLP Agents,
version 14.5
MP1 on
macOS
10.11.6)
Google Chrome 41.0.x No No Yes Yes
50 No No No Yes Yes
51 No No Yes (on Yes Yes

DLP Agent
version
14.0.2)
52 No No Yes (on Yes Yes

DLP Agent
version
14.0.2)
53 No No No Yes
Email Outlook 2011 No No No Yes (2011) Yes (2016)
Instant Cisco Jabber Yes Yes

Messaging
Skype Yes Yes


Note: Mobile Prevent is deprecated in Symantec Data Loss Prevention 14.6 and
no compatibility tests were performed for this release.
The following table lists the iOS applications and response rules that are supported
by Mobile Prevent. See the Symantec Data Loss Prevention Administration Guide
for more information on creating policies and response rules.
Mobile Prevent is not supported on Single Server installations.
Note: Applications for iOS are frequently updated. The following table lists the
application versions that have been verified for functionality with Mobile Prevent.
Mobile Prevent supports the following Web applications through the Safari Web
browser for iPads and iPhones (for iOS versions 6.0, 6.0.1, 6.1, 6.1.2, 6.1.3, and
7). This table also lists the supported type of response rules available for each Web
application. See the Symantec Data Loss Prevention Administration Guide for more
information on creating policies and response rules.
Table 3-10 Web applications supported by Mobile Prevent
Application iOS version Symantec Data Loss Available Mobile Prevent Response Rules
Prevention version
Notification Block Content
Removal
AOL 4.3.x 12.0 Yes Yes Yes
5.0, 5.0.1, 5.1, 5.1.1 12.0 Yes Yes Yes
6.0, 6.0.1, 6.1, 6.1.2, 6.1.3 12.0 Yes Yes Yes
7 12.0 No No No
4.3.x 12.5 No No No
5.0, 5.0.1, 5.1, 5.1.1 12.5 No No No
6.0, 6.0.1, 6.1, 6.1.2, 6.1.3 12.5 No No No
7 12.5 Yes No No
Facebook 4.3.x 12.0 Yes Yes Yes
5.0, 5.0.1, 5.1, 5.1.1 12.0 Yes Yes Yes

Table 3-10 Web applications supported by Mobile Prevent (continued)
Prevention version
Removal
6.0, 6.0.1, 6.1, 6.1.2, 6.1.3 12.0 Yes Yes Yes
7 12.0 No No No
4.3.x 12.5 No No No
5.0, 5.0.1, 5.1, 5.1.1 12.5 No No No
6.0, 6.0.1, 6.1, 6.1.2, 6.1.3 12.5 No No No
7 12.5 No No No
Gmail 4.3.x 12.0 Yes No No
5.0, 5.0.1, 5.1, 5.1.1 12.0 Yes No No
6.0, 6.0.1, 6.1, 6.1.2, 6.1.3 12.0 Yes No No
7 12.0 No No No
4.3.x 12.5 No No No
5.0, 5.0.1, 5.1, 5.1.1 12.5 No No No
6.0, 6.0.1, 6.1, 6.1.2, 6.1.3 12.5 Yes No No
7 12.5 Yes No No
Windows Live 4.3.x 12.0 Yes No No

Mail
5.0, 5.0.1, 5.1, 5.1.1 12.0 Yes No No
6.0, 6.0.1, 6.1, 6.1.2, 6.1.3 12.0 Yes No No
7 12.0 No No No
4.3.x 12.5 No No No
5.0, 5.0.1, 5.1, 5.1.1 12.5 No No No
6.0, 6.0.1, 6.1, 6.1.2, 6.1.3 12.5 No No No
7 12.5 No No No
Yahoo! Mail 4.3.x 12.0 Yes No No

Table 3-10 Web applications supported by Mobile Prevent (continued)
Prevention version
Removal
5.0, 5.0.1, 5.1, 5.1.1 12.0 Yes No No
6.0, 6.0.1, 6.1, 6.1.2, 6.1.3 12.0 Yes No No
7 12.0 No No No
4.3.x 12.5 No No No
5.0, 5.0.1, 5.1, 5.1.1 12.5 No No No
6.0, 6.0.1, 6.1, 6.1.2, 6.1.3 12.5 Yes Yes Yes
7 12.5 Yes Yes Yes
Twitter 4.3.x 12.0 Yes Yes Yes
5.0, 5.0.1, 5.1, 5.1.1 12.0 Yes Yes Yes
6.0, 6.0.1, 6.1, 6.1.2, 6.1.3 12.0 Yes Yes Yes
7 12.0 No No No
4.3.x 12.5 No No No
5.0, 5.0.1, 5.1, 5.1.1 12.5 No No No
6.0, 6.0.1, 6.1, 6.1.2, 6.1.3 12.5 No No No
7 12.5 No No No
The following iOS components and applications are not supported in this release
of Symantec Data Loss Prevention Mobile Prevent:
SMTP and IMAP messaging
iCloud functionality
iTunes wireless synchronization
Note: iTunes synchronization is supported using a USB cable. See the

documentation that comes with your mobile device for more information.
Netflix for iPad application


Note: Mobile Email Monitor is deprecated in Symantec Data Loss Prevention 14.6
and no compatibility tests were performed for this release.
The following two tables provide compatibility information for Mobile Email Monitor.
Table 3-11 list the Microsoft Exchange ActiveSync versions that are compatible
with Symantec Data Loss Prevention Mobile Email Monitor on various devices.
Note: Symantec Data Loss Prevention Mobile Email Monitor is not supported on
Single Server installations.
Table 3-11 Microsoft Exchange ActiveSync versions compatible with Mobile

Email Monitor
ActiveSync Versions Devices Mail applications
Microsoft Exchange ActiveSync 2010 iPhone iOS native email
Table 3-12 lists the devices and operating systems that are compatible with
Symantec Data Loss Prevention Mobile Email Monitor.
Table 3-12 Mobile devices and operating systems compatible with Mobile Email
Monitor
Device Operating systems
iPhone iOS 8.x

Symantec DLP 14.6 System Requirements Guide

Uploaded by

Copyright:

Available Formats

Symantec DLP 14.6 System Requirements Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Symantec DLP 14.6 System Requirements Guide

Uploaded by

Copyright:

Available Formats

Symantec Data Loss

Last updated: 02 December 2016

Last updated: 02 December 2016

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED

Chapter 1 About this guide .................................................................... 6

Chapter 2 System requirements and recommendations ................ 7

Chapter 3 Product compatibility ......................................................... 35

About updates to Symantec Data Loss Prevention system requirements

About updates to Symantec Data Loss Prevention

Deployment planning considerations

Minimum system requirements for Symantec Data Loss Prevention servers

Endpoint computer requirements for the Symantec DLP Agent

Symantec Data Loss Prevention for Mobile requirements

Supported languages for detection

Available language packs

Oracle database requirements

Browser requirements for accessing the Enforce Server administration console

Requirements for using certificate authentication for single sign-on

Virtual server support

Virtual desktop and virtual application support with Endpoint Prevent

Third-party software requirements and recommendations

Deployment planning considerations

The amount of network traffic you want to monitor

The effect of scale on system requirements

Table 2-1 Types of enterprise deployments

Variable Small Organization Small/Medium Large/Very Large

Number of employees < 1000 < 10,000 > 10,000

Table 2-1 Types of enterprise deployments (continued)

Variable Small Organization Small/Medium Large/Very Large

Minimum system requirements for Symantec Data

See Oracle database requirements on page 24.

Small organization minimum hardware requirements

Processor 8-core 2.5 GHz CPU

Disk 3 TB, RAID 5 configuration (with a minimum of five

NICs 1 copper or fiber 1 Gb Ethernet NIC (if you are using

Small/medium enterprise minimum hardware requirements

Table 2-3 Small/medium enterprise minimum system requirements

Required for Enforce Server Network Monitor Network Discover/Cloud

Table 2-3 Small/medium enterprise minimum system requirements (continued)

Required for Enforce Server Network Monitor Network Discover/Cloud

Disk 500 GB, RAID 1+0 or RAID 140 GB 140 GB

See Oracle database requirements on page 24.

See The effect of scale on system requirements on page 8.

Large/very large enterprise minimum hardware requirements

Table 2-4 Large/Very Large enterprise minimum system requirements

Required For Enforce Server Network Monitor Network Discover/Cloud

See article TECH235074 at See article TECH235074 at See article TECH235074 at

Table 2-4 Large/Very Large enterprise minimum system requirements

Required For Enforce Server Network Monitor Network Discover/Cloud

Disk Requirements 1 TB, RAID 1+0 or RAID 5 140 GB 140 GB

NICs To communicate with To communicate with the To communicate with the

1 copper or fiber 1 Gb/100 1 copper or fiber 1 Gb/100 1 copper or fiber 1 Gb/100

For network traffic

1 copper or fiber 1 Gb/100

High-speed packet capture n/a See High-speed packet n/a

See Oracle database requirements on page 24.

Operating system requirements for servers

Operating system requirements for Single Server deployments

Note: Installing the Oracle database on Windows 2016 is not supported.

Operating system requirements for the domain controller agent