Release Notes RSA DLP 9.

0 Patch 3
May 21, 2012

Introduction
This document lists whats new and changed in RSA DLP. It includes additional installation information, as well as workarounds for known issues. Read this document before installing the software. This document contains the following sections: Package Contents Patch Installation Whats New Special Notes Known Issues Support and Service

Package Contents
The RSA DLP 9.0 Patch 3 package contains: RSA_DLP_Suite_9.0-P3.zip which includes: RSA_DLP_Installer_Update_9.0-P3.exe DLP_Network_9.0-P3_Upgrade.gpg

Patch Installation
Follow the instructions in this section to install the patch.

Enterprise Manager and Enterprise Coordinator Upgrade

To install DLP 9.0 Patch 3 for the Enterprise Manager and Enterprise Coordinator: Important: If the Enterprise Manager and Enterprise Coordinator reside on different machines, perform these steps on both machines. Start with the Enterprise Manager. Then perform the steps on the Enterprise Coordinator. 1. Copy RSA_DLP_Installer_Update_9.0-P3.exe to the machine hosting the Enterprise Coordinator and Enterprise Manager. 2. Double-click RSA_DLP_Installer_Update_9.0-P3.exe to start the installation.

Network Upgrade
Install the .gpg file, DLP-Network-9.0-P3_update.gpg, on all the Network components. Installing the .gpg File on the Network Appliances Note: You do not have to stop and start the Network appliance services; the update process does it automatically. Important: You must install the patch on the Network Controller first. Then you can install it on the other Network appliances: sensor, interceptor, and ICAP server, in any order.

May 2012

DLP 9.0 Patch 3 Release Notes

Downloading the update from the RSA website: 1. Copy the .gpg file to the /home/tablus directory. 2. From the Network appliance, go to the DLP Network Main Menu. 3. Select option 4, Check for Updates. 4. Select option 2 -- Check for updates from the update file on the local system. 5. Follow the remaining prompts as the Network appliance moves through the installation. After the installation is completed, you will see the updated DLP version number on the screen. 6. Repeat steps 1 - 5 on the remaining network appliances.

Endpoint Upgrade
To install the update on the Endpoint machines, do one of the following: Select Request Upgrade on the Enterprise Manager. Use a mass deployment tool, such as Microsoft System Center Configuration Manager (SCCM), and select Request Upgrade on the Enterprise Manager.

Whats New
Network ICAP Web Mail Enhanced: With this release, the Network ICAP servers capability to monitor sensitive web mail content has been enhanced. If web mail containing sensitive content is sent and the action is set to block, the sensitive content in the body, subject, and attachments is replaced by a modified e-mail sent from DLP. For example, if only the attachment contains sensitive content, only the attachment is replaced. However, if the body or subject contains sensitive content, both the body and the subject are replaced. The intended recipient receives the modified e-mail based on a default replacement template set in the nwsystemconfig.xml file. The e-mail sender does not receive any notification that the e-mail sent was modified. The nwsystemconfig.xml file contains a web mail subject-replacement template for blocked emails. The default replacement for web mail subject lines that contain sensitive content is: ***Email Blocked - Contained Sensitive Information*** If you want to change the default replacement-subject template: a. c. Access the ICAP server. Search for <subjectreplacetemplate>. b. Open the nwsystemconfig.xml file. d. Make your edits. e. Save the file. f. Restart the ICAP Server using the following command: moncmd restart icapserver

Special Notes
To correct an issue with the DLP Network replacement template, used to replace e-mail containing sensitive content, do the following: 1. From Enterprise Manager, access Admin > Notifications > Automatic Templates. 2. Select Network ICAP Replace Message Template. The Message Template page displays.

May 2012

DLP 9.0 Patch 3 Release Notes

3. Click Edit. The Message Body displays. 4. Select the View Source check box. The HTML source appears. 5. Copy and paste the following HTML to replace the existing information. <div style="text-align: center;">&nbsp;&nbsp;&nbsp;&nbsp; <br><hr style="width: 100%; height: 2px;">A&nbsp; Policy violation may have occurred during transmission of file or message.<hr style="width: 100%; height:2px;"></div>&nbsp;&nbsp; &nbsp;<table><tbody><tr><td></td><td width="85%">This&nbsp; information has&nbsp;been removed because it contained sensitive data according to the sender's&nbsp; organization. If you were&nbsp;expecting information from the sender, shown in the email header, you&nbsp; may want to notify the sender the&nbsp;information was blocked. Otherwise, no action is&nbsp; required.</td><td></td></tr></tbody></table><br><br><div style="text-align:center;"><font style="color: rgb(0, 0, 153); font-family: Arial,Helvetica,sans-serif;" size="1">Generated by RSA Data Loss Prevention</font></div> 6. Click Save. Important: Cutting and pasting the HTML from this document may remove necessary spaces in the message. After cutting and pasting, you may need to add spaces in Enterprise Manager. The replacement message should look like the following example:

Fixed Issues
This section lists the issues that have been fixed in this release.
Description Installation

After you upgraded to DLP 9.0 P2 with the Partner Interop feature enabled, the prompt to stop the Enterprise Manager service failed to appear when you stopped the local site service. The local site service enables communication between Enterprise Manager and the Partner Device. Upgrading to RSA DLP P2 reset the Enterprise Manager home to C:\RSA if you had DLP installed in a directory other than C:\RSA.

May 2012

DLP 9.0 Patch 3 Release Notes

Description DLP Enterprise Manager

On the Enterprise Manager Event Details page for Datacenter Exchange Scans, the Owner, Item Owner, File Owner fields displayed Administrator for all mailboxes. On the Enterprise Manager Incident Details page, an pop-up message displayed when you selected an event row for a web-mail violation. The message was: document.getElementById ("selectedEmailFrom") is null is displayed.

When you attempted to import custom policies, with custom regex and dictionaries, from a DLP test system to a DLP production system, the import failed. Enterprise Manager did not display Russian correctly in the LDAP group information. When you enabled self-release of quarantined e-mail, you could not change the URL in the notification e-mail so that the link would go to another server other than the DLP web server. When you logged into Enterprise Manager as an LDAP user and attempted to create a new Enterprise Manager user, you received multiple error messages and could not create the user. When you added or deleted policies in Enterprise Manager, the policy file was not updated properly and error messages displayed on the Enterprise Manager console.

DLP Datacenter

Sometimes user permissions displayed on Enterprise Manager Event Details page were incorrect. For example, the console showed Allow Read for a specific user ID, but the Enterprise Manager database contained Modify for the same user. Note: For WebDav scans, DLP does not support retrieving access control information.

Possible memory leaks were fixed so that grid worker out-of-memory conditions would not occur. The out-of-memory conditions were only seen in Config scans. However, the resolution applies to all scans. For Config scans, the DLP default work batch size was too high. This could have caused memory leaks and inefficient grid worker utilization.

May 2012

DLP 9.0 Patch 3 Release Notes

Description DLP Network

DLP Network did not detect sensitive content for a partial fingerprint blade in Yahoo mail with plain text enabled. An error condition, caused by two Network sensor processes accessing a log file at one time, caused the all Network sensor services to restart. Alerts on the Network Sensor When DLP Network detected sensitive content in web mail, such as Yahoo, Gmail, MS Livemail, and AOL, a pop-up message displayed that was not informative which resulted in the sender resending the same e-mail containing sensitive content. With this fix, the sender does not see a pop-up message. The recipient receives an e-mail stating that the e-mail contained sensitive content and it was replaced by the message received.

After upgrading to 8.5 SP1 P2, the usermap file did not get updated on the Network devices which caused policies based on specific Active Directory users to default to all users. Russian language e-mail matched content was corrupted. DLP Network failed to detect violations in custom e-mail headers.

DLP Endpoint

DLP Endpoint agent prevented zip file extractions from a network share drive when you used the extract option on Windows explorer. DLP Endpoint did not include with the event sensitive content, located within subfiles, that matched fingerprint or database content blades. DLP Endpoint did not start when Bytemobile was installed on the endpoint machine. After you canceled a scan, DLP left temporary files on the grid worker that should have been deleted. Matched content was missing in the event for policies targeted at Instant Messaging and HTTP(S). When using a Windows XP machine with Endpoint agent installed, the print operation hangs if the document is printed using the Amyuni PDF converter.

May 2012

DLP 9.0 Patch 3 Release Notes

Known Issues
If Enterprise Manager Was Installed in a Directory Other Than the Default Directory, Empty Folders Are Created During an Upgrade Problem: If you installed DLP Enterprise Manager in a directory other than the default, C:\RSA, when you upgrade to RSA DLP 9.0 P3, empty directories are created. Workaround: Delete the empty directories: C:\RSA\Certs C:\RSA\Site C:\RSA\Site\Certs

Upgrading to DLP 9.0 P3 from the Upgrade Manager Failed Problem: If you use the Upgrade Manager in Enterprise Manager to upgrade a selected Endpoint group or DLP Datacenter to DLP 9.0 P3, the upgrade fails. Workaround: Try the upgrade again. It works on the second attempt.

When Installing DLP 9.0 P3 in a Clustered Environment, the Enterprise Coordinator Service Does Not Start Problem: When you install DLP 9.0 P3 in a clustered environment, the Enterprise Coordinator Service does not start after you install DLP 9.0 P3 on node 2 in the clustered environment. Workaround: After you have installed DLP 9.0 P3 on node 2 in the clustered environment, switch back to node 1 and start the Enterprise Coordinator service. 1. Open the Windows Services Console. 2. Start the RSA DLP Enterprise Coordinator service.

Support and Service

RSA SecurCare Online Customer Support Information RSA Secured Partner Solutions Directory https://knowledge.rsasecurity.com www.rsa.com/support www.rsasecured.com

Copyright 2012 EMC Corporation. All Rights Reserved. Published in the USA.

May 2012

DLP 9.0 Patch 3 Release Notes

Trademarks
RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of EMC trademarks, go to www.rsa.com/legal/trademarks_list.pdf.

May 2012