About policy creation for Endpoint Prevent
Endpoint Prevent
Endpoint Prevent
policies execute DCM and VML conditions locally on the endpoint. An Endpoint Prevent
policy contains a response rule that creates a real-time user interaction. The user interaction either blocks a file transfer or notifies the user of a policy violation. These notifications are then attached to the incident. Endpoint policies also differ as to where the detection occurs. Detection for EDM and DGM policies is performed on the Endpoint Server. Detection for DCM and IDM policies is performed directly by the Symantec DLP Agent.
The response rules Block, Notify, and User Cancel are performed only by the Symantec DLP Agent.
Because detection for EDM, and DGM policies is performed on the Endpoint Server, the detection takes more time and uses more bandwidth. Extra time and bandwidth are required because file contents are sent to the Endpoint Server for detection. When an agent performs detection for IDM and DCM policies, it only sends incidents to the Endpoint Server.