0 Patch 3
May 21, 2012
Introduction
This document lists what's new and changed in RSA DLP. It includes additional installation information, as well as workarounds for known issues. Read this document before installing the software.

This document contains the following sections:
- Package Contents
- Patch Installation
- What's New
- Special Notes
- Known Issues
- Support and Service
Package Contents
The RSA DLP 9.0 Patch 3 package contains RSA_DLP_Suite_9.0-P3.zip, which includes:
- RSA_DLP_Installer_Update_9.0-P3.exe
- DLP_Network_9.0-P3_Upgrade.gpg
Patch Installation
Follow the instructions in this section to install the patch.
Network Upgrade
Install the .gpg file, DLP-Network-9.0-P3_update.gpg, on all the Network components.

Installing the .gpg File on the Network Appliances

Note: You do not have to stop and start the Network appliance services; the update process does it automatically.

Important: You must install the patch on the Network Controller first. Then you can install it on the other Network appliances (sensor, interceptor, and ICAP server) in any order.
May 2012
Endpoint Upgrade
To install the update on the Endpoint machines, do one of the following:
- Select Request Upgrade on the Enterprise Manager.
- Use a mass deployment tool, such as Microsoft System Center Configuration Manager (SCCM), and select Request Upgrade on the Enterprise Manager.
What's New
Network ICAP Web Mail Enhanced: With this release, the Network ICAP server's capability to monitor sensitive web mail content has been enhanced. If web mail containing sensitive content is sent and the action is set to block, the sensitive content in the body, subject, and attachments is replaced by a modified e-mail sent from DLP. For example, if only the attachment contains sensitive content, only the attachment is replaced. However, if the body or subject contains sensitive content, both the body and the subject are replaced.

The intended recipient receives the modified e-mail based on a default replacement template set in the nwsystemconfig.xml file. The e-mail sender does not receive any notification that the e-mail sent was modified.

The nwsystemconfig.xml file contains a web mail subject-replacement template for blocked e-mails. The default replacement for web mail subject lines that contain sensitive content is:

***Email Blocked - Contained Sensitive Information***

If you want to change the default replacement-subject template:
a. Access the ICAP server.
b. Open the nwsystemconfig.xml file.
c. Search for <subjectreplacetemplate>.
d. Make your edits.
e. Save the file.
f. Restart the ICAP Server using the following command: moncmd restart icapserver
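A scripted version of steps b through e, added here as an example and not taken from RSA's documentation: it keeps a rollback copy, XML-escapes the new subject, and refuses to write unless exactly one template element is found. It assumes the template is stored as element text on a single line; the function names and the FILE argument are hypothetical.

```shell
#!/bin/sh
# Added example (not RSA code). ASSUMPTION: the template is element text on
# one line: <subjectreplacetemplate>...</subjectreplacetemplate>

# Escape characters that are not allowed raw in XML element text.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# get_subject_template FILE: print the current replacement subject.
get_subject_template() {
    sed -n 's|.*<subjectreplacetemplate>\(.*\)</subjectreplacetemplate>.*|\1|p' "$1"
}

# set_subject_template FILE NEW_SUBJECT
# Returns 0 on success; on any failed check the live file is left untouched.
set_subject_template() {
    cfg=$1
    new=$(xml_escape "$2")
    # Refuse to edit unless exactly one single-line element is present.
    count=$(grep -c '<subjectreplacetemplate>.*</subjectreplacetemplate>' "$cfg") || true
    if [ "$count" != "1" ]; then
        echo "expected 1 template element, found ${count:-none}" >&2
        return 1
    fi
    cp -p "$cfg" "$cfg.bak" || return 1   # rollback copy
    cp -p "$cfg" "$cfg.tmp" || return 1   # keeps mode (and owner when run as root)
    # Escape sed replacement metacharacters: backslash, & and the | delimiter.
    repl=$(printf '%s' "$new" | sed -e 's/[\\&|]/\\&/g')
    sed "s|\(<subjectreplacetemplate>\).*\(</subjectreplacetemplate>\)|\1${repl}\2|" \
        "$cfg.bak" > "$cfg.tmp" || { rm -f "$cfg.tmp"; return 1; }
    # Confirm the new value landed before swapping the file in.
    if ! grep -qF "<subjectreplacetemplate>${new}</subjectreplacetemplate>" "$cfg.tmp"; then
        rm -f "$cfg.tmp"
        return 1
    fi
    mv "$cfg.tmp" "$cfg"
}
```

Run `moncmd restart icapserver` (step f) only after the function returns 0; the previous file remains beside the original with a .bak suffix.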
Special Notes
To correct an issue with the DLP Network replacement template, used to replace e-mail containing sensitive content, do the following:
1. From Enterprise Manager, access Admin > Notifications > Automatic Templates.
2. Select Network ICAP Replace Message Template. The Message Template page displays.
Fixed Issues
This section lists the issues that have been fixed in this release.
Installation
After you upgraded to DLP 9.0 P2 with the Partner Interop feature enabled, the prompt to stop the Enterprise Manager service failed to appear when you stopped the local site service. The local site service enables communication between Enterprise Manager and the Partner Device.

Upgrading to RSA DLP P2 reset the Enterprise Manager home to C:\RSA if you had DLP installed in a directory other than C:\RSA.
On the Enterprise Manager Event Details page for Datacenter Exchange Scans, the Owner, Item Owner, and File Owner fields displayed Administrator for all mailboxes.

On the Enterprise Manager Incident Details page, a pop-up message displayed when you selected an event row for a web-mail violation. The message was: document.getElementById("selectedEmailFrom") is null

When you attempted to import custom policies, with custom regex and dictionaries, from a DLP test system to a DLP production system, the import failed.

Enterprise Manager did not display Russian correctly in the LDAP group information.

When you enabled self-release of quarantined e-mail, you could not change the URL in the notification e-mail so that the link would go to a server other than the DLP web server.

When you logged into Enterprise Manager as an LDAP user and attempted to create a new Enterprise Manager user, you received multiple error messages and could not create the user.

When you added or deleted policies in Enterprise Manager, the policy file was not updated properly and error messages displayed on the Enterprise Manager console.
DLP Datacenter
Sometimes user permissions displayed on the Enterprise Manager Event Details page were incorrect. For example, the console showed Allow Read for a specific user ID, but the Enterprise Manager database contained Modify for the same user. Note: For WebDav scans, DLP does not support retrieving access control information.

Possible memory leaks were fixed so that grid worker out-of-memory conditions would not occur. The out-of-memory conditions were only seen in Config scans. However, the resolution applies to all scans.

For Config scans, the DLP default work batch size was too high. This could have caused memory leaks and inefficient grid worker utilization.
DLP Network did not detect sensitive content for a partial fingerprint blade in Yahoo mail with plain text enabled.

An error condition, caused by two Network sensor processes accessing a log file at one time, caused all the Network sensor services to restart.

Alerts on the Network Sensor

When DLP Network detected sensitive content in web mail, such as Yahoo, Gmail, MS Livemail, and AOL, a pop-up message displayed that was not informative, which resulted in the sender resending the same e-mail containing sensitive content. With this fix, the sender does not see a pop-up message. The recipient receives an e-mail stating that the e-mail contained sensitive content and it was replaced by the message received.

After upgrading to 8.5 SP1 P2, the usermap file did not get updated on the Network devices, which caused policies based on specific Active Directory users to default to all users.

Russian language e-mail matched content was corrupted.

DLP Network failed to detect violations in custom e-mail headers.
DLP Endpoint
DLP Endpoint agent prevented zip file extractions from a network share drive when you used the extract option on Windows Explorer.

DLP Endpoint did not include with the event sensitive content, located within subfiles, that matched fingerprint or database content blades.

DLP Endpoint did not start when Bytemobile was installed on the endpoint machine.

After you canceled a scan, DLP left temporary files on the grid worker that should have been deleted.

Matched content was missing in the event for policies targeted at Instant Messaging and HTTP(S).

When using a Windows XP machine with Endpoint agent installed, the print operation hangs if the document is printed using the Amyuni PDF converter.
Known Issues
If Enterprise Manager Was Installed in a Directory Other Than the Default Directory, Empty Folders Are Created During an Upgrade

Problem: If you installed DLP Enterprise Manager in a directory other than the default, C:\RSA, when you upgrade to RSA DLP 9.0 P3, empty directories are created.

Workaround: Delete the empty directories:
- C:\RSA\Certs
- C:\RSA\Site
- C:\RSA\Site\Certs

Upgrading to DLP 9.0 P3 from the Upgrade Manager Failed

Problem: If you use the Upgrade Manager in Enterprise Manager to upgrade a selected Endpoint group or DLP Datacenter to DLP 9.0 P3, the upgrade fails.

Workaround: Try the upgrade again. It works on the second attempt.

When Installing DLP 9.0 P3 in a Clustered Environment, the Enterprise Coordinator Service Does Not Start

Problem: When you install DLP 9.0 P3 in a clustered environment, the Enterprise Coordinator Service does not start after you install DLP 9.0 P3 on node 2 in the clustered environment.

Workaround: After you have installed DLP 9.0 P3 on node 2 in the clustered environment, switch back to node 1 and start the Enterprise Coordinator service.
1. Open the Windows Services Console.
2. Start the RSA DLP Enterprise Coordinator service.
Copyright 2012 EMC Corporation. All Rights Reserved. Published in the USA.
Trademarks
RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of EMC trademarks, go to www.rsa.com/legal/trademarks_list.pdf.