What's New and Changed in Symantec Data Loss Prevention 15.8

Last updated: February 1, 2021 What's New and Changed in Symantec Data Loss Prevention 15.8

Table of Contents

Introducing Symantec Data Loss Prevention 15.8...... 4 About What's New in DLP 15.8...... 4 Summary of new and changed features...... 4 Enhanced MIP and Data Loss Prevention integration...... 4 Endpoint features...... 5 Enforce Server and platform features...... 5 End User Remediation: (incident management)...... 6 Discover features...... 7 Detection features...... 7 Cloud features...... 8 Language support in Data Loss Prevention...... 8 New and changed features in Data Loss Prevention 15.8...... 9 Enhanced MIP and Data Loss Prevention integration...... 9 Manage MIP classification and decryption credential profiles in the Enforce Server administration console and the Cloud Management Portal...... 9 Import MIP tags in the Enforce Server administration console...... 9 Support for authoring an MIP classification-based Data Loss Prevention policy condition for the Endpoint, Network, Storage, and Cloud...... 10 Enable MIP classification for Microsoft Office applications on endpoints...... 10 DLP Agent inspection of files and emails that are encrypted by MIP...... 10 DLP Agent support for using a network proxy to connect to the MIP portal...... 10 Enable Enforce Server and detection server support for using a network proxy to connect to the MIP portal...... 11 Network and Storage support for inspecting files and emails that are encrypted by MIP...... 11 Endpoint features in Data Loss Prevention 15.8...... 11 LiveUpdate improvements...... 11 Support for Microsoft OneDrive within Microsoft Office Applications...... 12 Support for Box Drive...... 12 Support for monitoring Microsoft Edge Chromium on Windows endpoints using extensions...... 12 Rearchitecture of Google Chrome monitoring for endpoints...... 12 Rearchitecture of Mozilla Firefox monitoring for macOS endpoints...... 13 Rearchitecture of Microsoft Outlook monitoring for macOS endpoints...... 13 Filtering for multiple endpoints on the Agent List page...... 13 Allow Microsoft Outlook emails encrypted with S/MIME to be sent...... 13 Enforce Server and platform features in Data Loss Prevention 15.8...... 13 Age-based filtering and incidents...... 13 Phased migration during upgrade...... 14 Network Detection uptime protection...... 14

2 What's New and Changed in Symantec Data Loss Prevention 15.8

Support for Red Hat Enterprise Linux 8...... 14 Support for Windows Server 2019...... 14 Ability to specify usage type for User Groups...... 15 Support for Oracle 19c Enterprise and Standard Edition 2...... 15 Support for OpenJDK 8 Java Runtime Environment (JRE)...... 15 Email quarantine integration with Symantec Messaging Gateway...... 15 Support for installing EMDI, EDM, and IDM remote indexers on Linux systems...... 15 End User Remediation in Data Loss Prevention 15.8...... 15 End User Remediation for decentralized incident remediation...... 15 Discover features in Data Loss Prevention 15.8...... 16 Enhanced support for the web server scanner...... 16 Network Discover support for Microsoft SharePoint 2019...... 16 Removal of the Veritas Data Insight license file...... 16 Rewritten Folder Risk Report page to remove Adobe Flash dependency...... 16 Detection features in Data Loss Prevention 15.8...... 16 High-performance Office Open XML content extraction upgrade...... 16 DICOM file metadata detection...... 17 XMP metadata detection for a variety of formats...... 17 New and updated data identifiers in 15.8...... 17 Cloud features in Data Loss Prevention 15.8...... 22 Cloud email quarantine and release integration with Email Security.cloud...... 22 Language support in Data Loss Prevention 15.8...... 23 Important changes to language support in Data Loss Prevention 15.8...... 23 Removed and deprecated platforms and features...... 24 Copyright statement...... 26

3 What's New and Changed in Symantec Data Loss Prevention 15.8

Introducing Symantec Data Loss Prevention 15.8

About What's New in DLP 15.8 What's New and What's Changed in Symantec Data Loss Prevention 15.8 describes new features and capabilities that are associated with the release. It also highlights changes relative to previous releases, including removal of features or supported platforms. This guide does not contain implementation or configuration details for these new features. It provides an overview of each new feature in Symantec Data Loss Prevention 15.8, including, where appropriate, enough detail to help you understand how this feature is used. It also includes deployment information to help you plan for rolling out these new features to your organization. Where possible, the guide provides pointers to further information about new and changed functionality. Summary of new and changed features New and changed features in Data Loss Prevention 15.8 Summary of new and changed features New and changed features in Symantec Data Loss Prevention 15.8 are summarized in the following sections. Extended descriptions of each feature are provided later in this guide. Enhanced MIP and Data Loss Prevention integration The integration between Symantec Data Loss Prevention and Microsoft Information Protection adds significant capabilities in Data Loss Prevention 15.8: • On Windows endpoints, DLP Agents can read MIP-protected documents and Outlook emails; and on macOS endpoints, DLP Agents can read MIP-protected documents. This expands the ability to read encrypted content offered previously by Symantec AIP Insight, where MIP-encrypted content could only be read for Data Loss Prevention for Network, Storage, and DLP Cloud channels. • You can write DLP policies to look for MIP Classification labels in files and messages, for all Data Loss Prevention product modules (Network, Storage, DLP Cloud, and Windows Endpoint). • You can write DLP policies with a response rule that can suggest or automatically apply MIP labels for Office documents on endpoints. For more information, see the expanded discussion in Enhanced MIP and Data Loss Prevention integration later in this guide.

4 What's New and Changed in Symantec Data Loss Prevention 15.8

Endpoint features

Table 1: New and changed Endpoint features

Feature Short description

LiveUpdate improvements LiveUpdate now supports macOS endpoints and allows more granular control over the deployment of agent updates. LiveUpdate improvements Support for Microsoft OneDrive within Microsoft Office applications Detect and protect confidential information when files are saved to Microsoft OneDrive from Microsoft Office applications. Support for Microsoft OneDrive within Microsoft Office Applications Support for Box Drive Detect and protect confidential information when files are saved to or accessed from Box Drive. Support for Box Drive Support for monitoring Microsoft Edge Chromium on Windows The new DLP Agent uses browser extensions to monitor Microsoft endpoints using extensions Edge Chromium on Windows endpoints. Rearchitecture of Google Chrome and Firefox browser extensions Rearchitecture of Google Chrome and Firefox browser extensions now supports older macOS versions now supports macOS versions 10.14 and 10.15. DLP 15.7 MP2 rearchitected browser extensions supported macOS 11 only. Rearchitecture of Google Chrome monitoring for endpoints The new DLP Agent uses browser extensions to monitor Google Chrome on Windows endpoints. Rearchitecture of Google Chrome monitoring for endpoints Rearchitecture of Mozilla Firefox monitoring for endpoints The new DLP Agent uses browser extensions to monitor Mozilla Firefox on macOS endpoints. Rearchitecture of Mozilla Firefox monitoring for macOS endpoints Rearchitecture of Microsoft Outlook monitoring for macOS The new DLP Agent uses a Microsoft Outlook add-in for macOS endpoints endpoints to monitor emails and calendar events that are created and sent using Microsoft Outlook and Outlook Web Access. This support is also available with a DLP 15.5 hot fix and in DLP 15.7 MP2. Health monitoring events for Microsoft Outlook are added for DLP 15.8. Rearchitecture of Microsoft Outlook monitoring for macOS endpoints Filtering for multiple endpoints on the Agent List page On the Agent List page of the Enforce Server administration console, you can filter for more than one endpoint using the search box in the Machine column. Filtering for multiple endpoints on the Agent List page Allow Microsoft Outlook emails encrypted with S/MIME to be sent Configure DLP Agents to disregard outgoing emails in Microsoft Outlook that have the Encrypt with S/MIME option enabled so that the DLP Agent no longer blocks the email from being sent. This feature is not available for macOS endpoints. Allow Microsoft Outlook emails encrypted with S/MIME to be sent

Enforce Server and platform features

5 What's New and Changed in Symantec Data Loss Prevention 15.8

Table 2: New and changed Enforce Server and platform features

Feature Short description Age-based filtering of incidents Ability to filter incidents based on their age and last update date. Age-based filtering and incidents Phased migration during upgrade The Data Loss Prevention upgrade completes in separate phases and provides an overview of potential system and database issues. DLP Administrators use the overview to identify and fix issues before the system goes down. Phased migration during upgrade Network detection uptime protection Ability for Network Monitor to detect and report incidents after the server is restarted. Network Detection uptime protection Support for Red Hat Enterprise Linux 8 Support for Red Hat Enterprise Linux 8 on the Enforce Server and detection servers. Support for Red Hat Enterprise Linux 8 Support for Windows Server 2019 Support for Microsoft Windows Server 2019 on the Enforce Server and detection servers. Support for Windows Server 2019 Ability to specify the usage type for User Groups Ability to specify the usage type (for policy management or based on roles) when creating a User Group. Ability to specify usage type for User Groups Support for Oracle 19c Enterprise and Standard Edition 2 You can deploy the Data Loss Prevention database on Oracle 19c for Enterprise and Standard Edition 2. Support for Oracle 19c Enterprise and Standard Edition 2 Support for OpenJDK 8 Java Runtime Environment (JRE) You can deploy Data Loss Prevention with Java Open JDK 8. Support for OpenJDK 8 Java Runtime Environment (JRE) Support for running the Oracle database in the VMware You can deploy the Data Loss Prevention database to a VMware environment environment. Email quarantine integration with Symantec Messaging Gateway You can use the Enforce Server administration console to request release from Symantec Messaging Gateway (SMG) quarantine, and you can delete SMG quarantined messages, using two new Smart Response rules. Email quarantine integration with Symantec Messaging Gateway Support for installing EMDI, EDM, and IDM remote indexers on You can install EMDI, EDM, and IDM Remote Indexers on Linux Linux systems systems. Support for installing EMDI, EDM, and IDM remote indexers on Linux systems

End User Remediation: (incident management)

Table 3: End User Remediation

Feature Short description End User Remediation End User Remediation simplifies the management of DLP incidents by decentralizing the incident remediation process. End User Remediation

6 What's New and Changed in Symantec Data Loss Prevention 15.8

Discover features

Table 4: New and changed Discover features

Feature Short description Enhanced support for the web server scanner The Data Loss Prevention web server scanner can now scan web applications and websites using TLS through version 1.3. The Web Server scanner can also retrieve content from various document types including web documents, Word, Excel, and PDF files. Enhanced support for the web server scanner Network Discover support for Microsoft SharePoint 2019 Network Discover now supports the detection and quarantine of sensitive files that are located in Microsoft SharePoint 2019 repositories. Network Discover support for Microsoft SharePoint 2019 Removal of the Veritas Data Insight license file The Data Insight page in the Enforce Server administration console is now accessible without a license file. Removal of the Veritas Data Insight license file Rewritten Folder Risk Report page to remove Adobe Flash The Folder Risk Report page for Veritas Data Insight integration dependency has been rewritten to remove a dependency on Adobe Flash, which Adobe no longer supports. Rewritten Folder Risk Report page to remove Adobe Flash dependency

Detection features

Table 5: New and changed Detection features

Feature Short description High-performance Office Open XML content extraction upgrade A high-performance Office Open XML content extraction upgrade is enabled by default in Data Loss Prevention 15.8. High-performance Office Open XML content extraction upgrade DICOM file metadata detection Ability to detect metadata in an image saved in the Digital Imaging and Communications in Medicine (DICOM) format. DICOM file metadata detection XMP metadata detection for a variety of formats Ability to detect XMP metadata for PDF, PNG, GIF, JPG, and TIFF. XMP metadata detection for a variety of formats New and updated data identifiers in 15.8 Symantec Data Loss Prevention 15.8 includes 18 new data identifiers and 107 renamed data identifiers. New and updated data identifiers in 15.8

7 What's New and Changed in Symantec Data Loss Prevention 15.8

Cloud features

Table 6: New and changed Cloud features

Feature Short description Cloud email quarantine and release integration with Email On-premises quarantine and release capabilities of the integration Security.cloud with Symantec Mail Gateway is extended to the cloud using Email Security.cloud. Cloud email quarantine and release integration with Email Security.cloud

Language support in Data Loss Prevention

Table 7: Important Changes to Language Support

Feature Short description

Important changes to language support As of DLP 15.7 MP1, Data Loss Prevention only supports the following languages: English, Brazilian Portuguese, Spanish, French, and Japanese. Important changes to language support

8 What's New and Changed in Symantec Data Loss Prevention 15.8

New and changed features in Data Loss Prevention 15.8

Enhanced MIP and Data Loss Prevention integration Microsoft Information Protection provides classification and Digital Rights Management capabilities. MIP also encompasses what previously was referred to as Azure Information Protection (AIP). Support for MIP is integrated into the Symantec Data Loss Prevention 15.8 Enforce Server, and across all Data Loss Prevention channels. Previously, AIP Insight for Data Loss Prevention versions 15.1 through 15.7 provided decryption of MIP-protected documents and emails and their inspection by Network, Storage, and Cloud DLP control points. The AIP Insight solution required the download and installation of a plugin. The new MIP integration does not require a plugin. Customers of the AIP Insight solution can migrate to the new MIP integration available in Data Loss Prevention 15.8. Data Loss Prevention 15.8 adds MIP integration for DLP Endpoint. The capabilities for DLP Endpoint and MIP integration include: • Decrypting MIP-protected documents and emails. Other DLP control points in Network, Storage, and Cloud already support this feature. • Suggesting MIP labels based on DLP policy. • Enforcing MIP labels based on DLP policy. The following sections provide details about the MIP integration features in Data Loss Prevention 15.8. Manage MIP classification and decryption credential profiles in the Enforce Server administration console and the Cloud Management Portal You can configure an MIP classification credential profile and one or more MIP decryption credential profiles on the System > Settings > MIP Credential Profiles screen of the Enforce Server administration console. The Enforce Server uses the classification credentials to import the classification labels from the MIP portal. After classification synchronization is completed, you can use the available labels and sub-labels to configure response actions to recommend labels to endpoint users or automatically apply labels to supported file types. You can configure only one MIP classification credential profile. You can configure more than one MIP decryption credential profile. The decryption credentials that you configure must have sufficient privileges to decrypt all documents and emails that flow through a specific control point. • Network and Storage detection servers use the decryption credential to inspect files that are encrypted by Microsoft Information Protection. • The Cloud detection service uses the decryption credential specified in the Cloud Management Portal. • The DLP Agent prompts the end user for decryption credentials on the Endpoint.

Import MIP tags in the Enforce Server administration console

Data Loss Prevention can connect to the MIP portal and pull down both the GLOBAL and SCOPED policy labels (including their SUB LABELS) into the Enforce Server administration console. Then, the DLP Policy Administrator can use the Enforce Server administration console to select from the imported MIP labels to create policy detection rules. This integration enables reading of MIP classification labels in documents and emails across Network, Storage, Cloud, and Endpoint.

9 What's New and Changed in Symantec Data Loss Prevention 15.8

Support for authoring an MIP classification-based Data Loss Prevention policy condition for the Endpoint, Network, Storage, and Cloud

Policy authors can create a "Content Matches MIP Classification" policy that can detect specific MIP tags or labels in documents and emails. Enable MIP classification for Microsoft Office applications on endpoints

After you configure an MIP classification credential profile on the Enforce Server, you can use the Classification tab in agent configurations to enable or disable classification for specific applications. Data Loss Prevention allows you to enable and disable MIP classification in the following applications: • Microsoft Excel • Microsoft PowerPoint • Microsoft Word If you enable classification for any of these applications, you can use the Endpoint: MIP Classification response action to recommend labels or apply specific labels to documents that are associated with those applications.

DLP Agent inspection of files and emails that are encrypted by MIP The Settings tab in agent configurations now includes the Microsoft Information Protection section, which provides the Enable Data Loss Prevention to inspect files that are encrypted by MIP option. Select this option to enable the DLP Agent to inspect files and emails that are encrypted by MIP. Decryption of MIP protected files on the endpoints by the DLP agent requires the DLP agent to prompt the endpoint user for authenticating with MIP. After the user has successfully authenticated, the endpoint agent can seamlessly inspect encrypted documents and emails for sensitive content and then allow or block based on DLP policy. NOTE The DLP Agent supports the inspection of MIP-encrypted emails on Windows endpoints only. Until the time that the endpoint user authenticates with MIP there is the following setting which specifies if the agent should block or allow the file transfer. In previous releases of DLP, the agent allowed MIP protected files to be transferred. The default setting for this release is to block file transfer and prompt the user to sign in.

In DLP Agent configurations, the PostProcessor.MIP_DEFAULT_ACTION.int advanced setting specifies whether user actions are blocked or allowed when users attempt to copy or transfer files that are encrypted by Microsoft Information Protection. By default, the RMS encrypted document copy is blocked if the user is not already authenticated.

The default of the PostProcessor.MIP_DEFAULT_ACTION.int advanced setting is 1. This blocks encrypted files from being copied or transferred. To allow users to copy and transfer files that are encrypted by MIP, set the value to 0.

DLP Agent support for using a network proxy to connect to the MIP portal The DLP Agent must be able to connect to the Microsoft Information Protection portal on the Internet so that it can validate the labels that are are recommended or applied. In addition, users must occasionally authenticate to MIP with their Microsoft Azure AD credentials. You can enable the DLP Agent to use a network proxy to connect to the MIP portal by configuring the Proxy section on the Settings tab of the agent configuration.

10 What's New and Changed in Symantec Data Loss Prevention 15.8

For network proxies that require authentication, you must save the authentication credentials in the agent configuration before configuring your proxy settings. By default, agents are configured to either not use a network proxy, or to assume that a transparent proxy exists. NOTE For information about making sure that your network proxy is configured correctly for Microsoft Information Protection, refer to the Microsoft documentation. https://docs.microsoft.com/en-us/information-protection/develop/faqs-known-issues#error-proxyautherror- exception. https://docs.microsoft.com/en-us/azure/information-protection/requirements#firewalls-and-network-infrastructure

Enable Enforce Server and detection server support for using a network proxy to connect to the MIP portal The Enforce Server must be able to connect to the Microsoft Information Protection portal on the Internet so that it can fetch classification labels. In addition, detection servers must be able to connect to the MIP portal so that they can validate the decryption credentials that are used to inspect files that are encrypted by MIP. You can enable the Enforce Server and detection servers to use a network proxy to connect to the Microsoft Information Protection portal by configuring the Enforce to Cloud Proxy Settings section on the System > General > Settings page of the Enforce Server administration console. For network proxies that require authentication, you must save the authentication credentials in the Enforce Server administration console before configuring your proxy settings. By default, detection servers are configured to either not use a network proxy, or to assume that a transparent proxy exists. For information about making sure that your network proxy is configured correctly, refer to the Microsoft documentation. See https://docs.microsoft.com/en-us/information-protection/develop/faqs-known-issues#error-proxyautherror-exception.

Network and Storage support for inspecting files and emails that are encrypted by MIP Network and Storage control points support the inspection of files and emails that are encrypted by MIP and can read labels that were applied using MIP. Support is available for file shares, SharePoint, Exchange, and Web server scanners. You must configure an MIP decryption credential profile in the the Enforce Server administration console. For Cloud control points, you configure an MIP decryption credential profile in the Cloud Management Portal. NOTE Network Discover/Cloud Storage Discover does not support MIP classification of files. Network Discover supports the MIP integration with File System, SharePoint, Exchange and Web server scanner.

Endpoint features in Data Loss Prevention 15.8 In addition to the MIP integration capabilities for DLP Endpoint described elsewhere in the What's New guide, the following new features for Endpoint are included in Data Loss Prevention 15.8. LiveUpdate improvements LiveUpdate now supports the deployment of agent hotfixes on macOS endpoints. Symantec Data Loss Prevention 15.8 also introduces several new options that grant you more granular control over which agents receive updates, and when.

11 What's New and Changed in Symantec Data Loss Prevention 15.8

This enhancement enables you to choose whether agents receive a newly released update or not. In the Enforce Server administration console, the new System > Agents > LiveUpdate screen allows you to create groups of agents, called deployment groups. While adding agents to a deployment group, you can use several predefined agent attributes to filter agents or create custom agent attributes. After you create a deployment group, you can trigger an update for the agents that belong to that deployment group. Deployment groups enable you to manage LiveUpdate for a large number of endpoints simultaneously. Using deployment groups, you can restrict updates to a specific group of endpoints, monitor the progress of agent updates for a group of endpoints, and identify and troubleshoot update issues by generating reports. After you initialize LiveUpdate, you can track the progress of the deployment and also generate a report that you can use to identify and troubleshoot deployment issues for individual agents. In addition, you can navigate to System > Agents > Check for Updates to find out whether any new agent updates are available.

Support for Microsoft OneDrive within Microsoft Office Applications When monitoring is enabled for cloud storage applications in the agent configuration, agents can monitor files that are saved to Microsoft OneDrive from Microsoft Office applications.

Support for Box Drive When monitoring is enabled for cloud storage applications in the agent configuration, agents can monitor files that are saved to mounted Box Drives.

Support for monitoring Microsoft Edge Chromium on Windows endpoints using extensions Symantec Data Loss Prevention now supports monitoring for Microsoft Edge Chromium on Windows endpoints using the Symantec extension. Monitoring support includes monitoring of HTTP and HTTPS traffic, clipboard activity, and file operations that are performed within the web browser. To download the Symantec extension for monitoring Edge and Edge Chromium, visit the Microsoft Edge Add-ons store. You can also deploy the extension using a Group Policy Object.

Rearchitecture of Google Chrome monitoring for endpoints Symantec has rearchitected the Google Chrome monitoring solution for Windows and macOS endpoints to align with standard extension-based approaches to monitoring. In addition, the Enforce Server now reports when monitoring for Google Chrome has been disabled or tampered with. Endpoints on which the Google Chrome extension is not functional are now indicated to be in the Critical (red) state on the Agent Overview page of the Enforce Server administration console.

For Windows endpoints, you can use the ExtensionEnablement.INSTALL_BROWSER_EXTENSION.int agent advanced setting to control whether the browser extension is installed automatically from the Chrome Web Store. To configure Windows agents to install the extension automatically, enter a value of 1 (default value). If you want to deploy the extension on Windows endpoints using a Group Policy Object, enter a value of 0. For macOS endpoints, after you enable monitoring for Google Chrome in the agent configuration, you can create an MDM configuration profile to deploy the extension on endpoints across your organization.

12 What's New and Changed in Symantec Data Loss Prevention 15.8

Rearchitecture of Mozilla Firefox monitoring for macOS endpoints Symantec has rearchitected the Mozilla Firefox monitoring solutions for macOS endpoints, to align with standard extension-based approaches to monitoring. In addition, the Enforce Server now reports when monitoring for Google Chrome and Mozilla Firefox has been disabled or tampered with on macOS endpoints. Endpoints on which the Google Chrome extension or the Mozilla Firefox extension is not functional are now indicated to be in the Critical (red) state on the Agent Overview page of the Enforce Server administration console. You can deploy the new browser extensions using MDM settings.

Rearchitecture of Microsoft Outlook monitoring for macOS endpoints The Microsoft Outlook monitoring solution has been rearchitected for compatibility with the changes in macOS 11. The new on-send web add-in for Outlook on macOS endpoints enables the new DLP Agent to monitor emails and calendar events that are created and sent using Microsoft Outlook and Outlook Web Access. You deploy the add-in using the Microsoft 365 Admin Center. NOTE To enable monitoring for Outlook Web Access in Mozilla Firefox on macOS endpoints, you must also deploy the new Mozilla Firefox extension using MDM settings. When you upgrade the DLP Agent for macOS to version 15.8, by default, Outlook monitoring is configured to use the add- in model. If you prefer to monitor Outlook on macOS 10.14 and 10.15 endpoints using the application hooking method, set the value of the Outlook.MONITOR_TECHNIQUE agent advanced setting to 0 (default). If you prefer to enable Outlook monitoring using the on-send web add-in, set the value to 1. Alternatively, you can configure separate agent groups for agents that use the add-in and for agents that use application hooking.

Filtering for multiple endpoints on the Agent List page On the Agent List page of the Enforce Server administration console, you can now filter and view information for multiple agents using search box of the Machine column. You can enter full or partial endpoint names in the search box. Use commas to separate each search keyword.

Allow Microsoft Outlook emails encrypted with S/MIME to be sent

You can use the Email.IGNORE_SMIME.int advanced setting in agent configurations to make agents ignore S/ MIME-encrypted emails without getting blocked on the endpoints. This allows an email to be encrypted by an upstream encryption server before delivering it to its recipients.

By default, the Email.IGNORE_SMIME.int advanced setting has a value of 0. To ignore the S/MIME-encrypted emails, set the value to 1. Enforce Server and platform features in Data Loss Prevention 15.8

Age-based filtering and incidents Ability to filter incidents based on their age and last update date.

13 What's New and Changed in Symantec Data Loss Prevention 15.8

You can filter your incidents based on their age using the Older Than filter. The filter provides the option to search on incident age based on days, weeks, months, quarters, and years. This filter provides a way to delete incidents based on their age. You can filter your incidents based on the last time they were updated using the Not Updated In filter. The filter allows you to display incidents that have not been updated in the specified number of days, weeks, months, quarters, and years. Phased migration during upgrade You can now upgrade Data Loss Prevention servers in two phases. Upgrading in two phases allows you to identify and resolve migration issues without shutting down services which can reduce system downtime.

Preparation During the preparation period for upgrading, you can run the Update Readiness Tool (URT) to analyze data (in addition to analyzing the table structure which it did in previous versions). The process lists the potential issues with the database that you address before migrating to Symantec Data Loss Prevention 15.8. The URT identifies data that is no longer compatible with the new schema. Analyzing data helps identify potential problems before the migration process is started. If you find problems with the database, you can fix them while keeping the previous version Enforce Server up and running. In previous Data Loss Prevention versions, issues that were related to LOB data (for example, scan failures or deprecated features that are remaining in LOB data) caused the migration to fail. During this time, the Enforce Server was not up and running.

Phase 1 During phase 1 of the upgrade, the Migration Utility runs pre-checks and migrates the file system without shutting down the previous version services. The previous version services continue to run during and after the execution of phase 1. This phase includes running a report to confirm the status of the file system. The report lists the filesystem status and identifies potential issues. The report lists saved customizations. Saved customizations includes certificates, keystores, plugins, FlexResponse scripts, and configuration file settings. Data files, document profiles, property files, plugins, and keystores are moved to the 15.8 instance during this phase.

Phase 2 During the final phase of the upgrade, services on the previous system are shutdown, pre-checks are completed, then the migration moves incidents, indexes, and the database.

Network Detection uptime protection Data Loss Prevention 15.8 provides the ability for Network Monitor, Network Prevent for Web, and Network Prevent for Email to continue monitoring and detecting sensitive information during and after upgrade to future Data Loss Prevention versions. Support for Red Hat Enterprise Linux 8 Added support for Red Hat Enterprise Linux 8 on the Enforce Server and detection servers. Support for Windows Server 2019 Added support for Microsoft Windows Server 2019 on the Enforce Server and detection servers.

14 What's New and Changed in Symantec Data Loss Prevention 15.8

Ability to specify usage type for User Groups When you create a User Group, you select the usage type: either for policy management or for roles. Based on user permissions provided, administrators can add and edit both types of user groups. This feature provides more control over user access to managing policies and roles. Support for Oracle 19c Enterprise and Standard Edition 2

You can deploy the Data Loss Prevention database on the following Oracle 19c databases: • Oracle 19c Enterprise Edition. Support is included for the the latest Database Release Updates (RUs). NOTE Oracle RU 19.6.0.0.0 is only supported on Linux servers. You must obtain software and support from Oracle. For implementation details, see the Symantec Data Loss Prevention Oracle 19c Implementation Guide at the Tech Docs Portal. • Oracle 19c Standard Edition 2. Support is included for the following Database Release Updates (RUs): Support is included for the the latest Database Release Updates (RUs), available from Symantec. NOTE Oracle RU 19.6.0.0.0 is only supported on Linux servers. You can obtain the software from Symantec. For implementation details, see the Symantec Data Loss Prevention Oracle 19c Implementation Guide at the Tech Docs Portal. NOTE Symantec recommends that you run the Oracle 19c Standard Edition 2 database on a supported version of Windows or Linux. Symantec Data Loss Prevention supports running the Oracle 19c Standard Edition 2 database on platforms that Oracle supports. See the Symantec Data Loss Prevention Oracle 19c Implementation Guide at the Tech Docs Portal. Support for OpenJDK 8 Java Runtime Environment (JRE) You can deploy Symantec Data Loss Prevention with the OpenJDK 8 Java Runtime Environment (JRE). This replaces the Oracle JDK. Symantec no longer provides installers for the JRE. Use the JREMigrationUtility to point to the latest supported OpenJDK JRE version. See the Symantec Data Loss Prevention Installation Guide available at Related Documents. The guide provides steps to install the OpenJDK 8 JRE on new installations or migrate to the OpenJDK 8 JRE on upgraded instances. Email quarantine integration with Symantec Messaging Gateway When a message is released or deleted from quarantine, it is released or deleted for all recipients. Support for installing EMDI, EDM, and IDM remote indexers on Linux systems The Red Hat Enterprise Linux 7.5 through 7.7 operating systems are supported for use with EMDI, EDM, and IDM remote indexers.

End User Remediation in Data Loss Prevention 15.8

End User Remediation for decentralized incident remediation End User Remediation simplifies the management of incidents by decentralizing the incident remediation process. Anyone in your organization can be delegated with the responsibility of remediating an incident. Engaging more users enables more incident remediation and assigning the correct users to remediate reduces the overhead of incorrect remediation

15 What's New and Changed in Symantec Data Loss Prevention 15.8 when the remediation process is centralized. To use End User Remediation, there is no additional licensing requirement for Data Loss Prevention. You will need to have a ServiceNow instance in your organization. The DLP End User Remediation application needs to be deployed in your ServiceNow environment. See About End User Remediation. Discover features in Data Loss Prevention 15.8

Enhanced support for the web server scanner The web server scanner is a general purpose tool which can be used to scan websites for sensitive information. The scanner takes a best-effort approach to scan the website content and find sensitive information. The web server scanner has been enhanced for DLP 15.8 with the following features: • Now bundled with Discover Servers and Detection Servers, so there is no need to separately install the scanner. This reduces the time and effort to manage and execute the scans. • Support for all DLP detection techniques including Sensitive Image Recognition (SIR). • Support has been extended for scanning websites using up to TLS v1.3, which is the latest version. • Enhanced management using the Enforce Server administration console, including starting/stopping the scan and specifying the website to be scanned, which simplifies the management of scans from the Enforce Server. • Enhanced ability to support container file types (such as ZIP, Word, and others) that are handled in a special manner by certain file repositories (such as Jive).

Network Discover support for Microsoft SharePoint 2019 You can configure the Network Protect: Quarantine File automated response action to quarantine confidential files that were detected in SharePoint 2019 repositories, and use the Network Protect: Release from Quarantine smart response action to resolve SharePoint 2019-related incidents manually.

Removal of the Veritas Data Insight license file

The Data Insight page in the Enforce Server administration console is now accessible to all Network Discover customers without a license file. Symantec continues to support the interoperability between Veritas Data Insight and Symantec Data Loss Prevention. Rewritten Folder Risk Report page to remove Adobe Flash dependency The Folder Risk Report page for Veritas Data Insight integration has been rewritten to remove a dependency on Adobe Flash, which Adobe no longer supports. In Data Loss Prevention 15.7, the page was declared as deprecated. However, because the page has been rewritten, the page is no longer considered to be deprecated. Detection features in Data Loss Prevention 15.8

High-performance Office Open XML content extraction upgrade A high-performance Open Office XML content extraction upgrade is enabled by default in Data Loss Prevention 15.8 for the Enforce Server indexer, the Remote IDM Indexer, all detection servers, and all 15.8 agents. The OOXML content extractor is also enabled for the cloud detectors bound to 15.8 Enforce Servers, by default. Once the Enforce Server and detection servers have been upgraded, IDM profiles must be reindexed.

16 What's New and Changed in Symantec Data Loss Prevention 15.8

See the Symantec Data Loss Prevention Release Notes, Version 15.8 for more information.

DICOM file metadata detection A DICOM file is an image saved in the Digital Imaging and Communications in Medicine (DICOM) format. These files contain an image from a medical scan, such as an ultrasound or MRI. DICOM files may also include identification data (stored in the metadata area of the DICOM file) for patients so that the image is linked to a specific individual. DICOM metadata detection in Symantec Data Loss Prevention can enable Big Data analysis, enable large healthcare users to extent their ability to meet compliance requirements, and enable them to use their existing Data Loss Prevention policies and detection technologies (such as regex, keyword, EDM) across all Data Loss Prevention endpoint, network, and cloud channels. XMP metadata detection for a variety of formats XMP is an industry standard xml based metadata format for files. Many technology vendors put their own proprietary file information in the XMP section of a file’s metadata area. For example, Microsoft puts MIP-related classification labels for PDF-based files in the XMP metadata area. This feature extends detection to potentially sensitive data stored in the XMP format and located in the metadata area of PDF, PNG, GIF, JPG, and TIFF files. You can use traditional Symantec Data Loss Prevention detection technologies such as regex, keyword, and EDM for all channels including Endpoint, Network, and Cloud. New and updated data identifiers in 15.8 Symantec Data Loss Prevention 15.8 includes the following new data identifiers: • Cyprus Passport Number • Ireland Driver Licence Number • Japan Bank Account Number • Japan Credit and Debit Card Number • Malta Driving Licence Number • Mexico Driver License Number • New Brunswick Driver's Licence Number • New Zealand Tax Identification Number • Philippines Passport Number • Prince Edward Island Driver's License Number • Romania Passport Number • Saskatchewan Driver's Licence Number • Singapore Driving Licence Number • Singapore Passport Number • Singapore Phone Number • Singapore Unique Entity Number (UEN) • UK Unique Taxpayer Reference Number (UTR) • US Driver License Number - LA State

The following data identifiers have been renamed in Symantec Data Loss Prevention 15.8:

Old data identifier name New data identifier name Australia Driver's License Number Australia Driver Licence Number Australian Business Number Australia Business Number (ABN) Australian Company Number Australia Company Number (ACN)

17 What's New and Changed in Symantec Data Loss Prevention 15.8

Old data identifier name New data identifier name Australian Medicare Number Australia Medicare Number Australian Passport Number Australia Passport Number Australian Tax File Number Australia Tax File Number (TFN) Austrian Social Security Number Austria Social Security Number Belgian National Number Belgium National Identity Number Belgium Driver's Licence Number Belgium Driver Licence Number BosniaHerzegovina Unique Master Citizen Number Bosnia-Herzegovina Unique Master Citizen Number Brazilian Election Identification Number Brazil Election Identification Number Brazilian National Registry of Legal Entities Number Brazil National Registry of Legal Entities Number (CNPJ) Brazilian Natural Person Registry Number Brazil Natural Person Registry Number (CPF) Bulgarian Uniform Civil Number - EGN Bulgaria Uniform Civil Number (EGN) Burgerservicenummer Netherlands Burgerservicenummer (Citizen Service Number) Canada Driver's License Number Canada Driver Licence Number Canadian Social Insurance Number Canada Social Insurance Number (SIN) Chilean National Identification Number Chile National Identification Number (RUN) China Passport Number People's Republic of China Passport Number Codice Fiscale Italy Codice Fiscale (Fiscal Code) Colombian Addresses Colombia Address Colombian Cell Phone Number Colombia Cell Phone Number Colombian Personal Identification Number Colombia Personal Identification Number Colombian Tax Identification Number Colombia Tax Identification Number Croatia National Identification Number Croatia Personal Identification Number CUSIP Number CUSIP (Uniform Securities Identification Procedures) Number Czech Republic Driver's Licence Number Czech Republic Driver Licence Number Driver License Number - VT State US Driver License Number - VT State Driver License Number MD State US Driver License Number - MD State Driver License Number- CT State US Driver License Number - CT State Driver License Number- Guam US Driver License Number - Guam Driver License Number- IN State US Driver License Number - IN State Driver License Number- KS State US Driver License Number - KS State Driver License Number- KY State US Driver License Number - KY State Driver License Number- MA State US Driver License Number - MA State Driver License Number- MI State US Driver License Number - MI State Driver License Number- MN State US Driver License Number - MN State Driver License Number- MO State US Driver License Number - MO State Driver License Number- MS State US Driver License Number - MS State Driver License Number- MT State US Driver License Number - MT State Driver License Number- ND State US Driver License Number - ND State Driver License Number- NE State US Driver License Number - NE State Driver License Number- NH State US Driver License Number - NH State

18 What's New and Changed in Symantec Data Loss Prevention 15.8

Old data identifier name New data identifier name Driver License Number- OH State US Driver License Number - OH State Driver License Number- RI State US Driver License Number - RI State Driver License Number- VA State US Driver License Number - VA State Driver License Number- WV State US Driver License Number - WV State Driver's License Number- AR State US Driver License Number - AR State Driver's License Number- AZ State US Driver License Number - AZ State Driver's License Number- CA State US Driver License Number - CA State Driver's License Number- DC State US Driver License Number - DC State Driver's License Number- FL State US Driver License Number - FL State Driver's License Number- HI State US Driver License Number - HI State Driver's License Number- IA State US Driver License Number - IA State Driver's License Number- ID State US Driver License Number - ID State Driver's License Number- IL State US Driver License Number - IL State Driver's License Number- NJ State US Driver License Number - NJ State Driver's License Number- NY State US Driver License Number - NY State Driver's License Number- OK State US Driver License Number - OK State Driver's License Number- OR State US Driver License Number - OR State Driver's License Number- US Virgin Islands US Driver License Number - US Virgin Islands Driver's License Number- WA State US Driver License Number - WA State Driver's License Number- WI State US Driver License Number - WI State Estonia Driver's Licence Number Estonia Driving Licence Number Estonia Personal Identification Number Estonia Personal Identification Code Finland Driver's Licence Number Finland Driving Licence Number Finnish Personal Identification Number Finland Personal Identitification Number France Driver's Licence Number France Driver Licence Number French INSEE code France INSEE code French Passport Number France Passport Number French Social Security Number France Social Security Number German Passport Number Germany Passport Number German Personal ID Number Germany Personal ID Number Germany Driver's Licence Number Germany Driver Licence Number Greek Tax Identification Number Greece Tax Identification Number Hong Kong ID Hong Kong Identity Card (HKID) Number Hungarian Social Security Number Hungary Social Security Number Hungarian Tax Identification Number Hungary Tax Identification Number Hungarian VAT Number Hungary VAT Number Hungary Driver's Licence Number Hungary Driver Licence Number Indian Aadhaar Card Number India Aadhaar Card Number (National Idenitification Number) Indian Permanent Account Number India Permanent Account Number (PAN) Indonesian Identity Card Number Indonesia Identity Card Number

19 What's New and Changed in Symantec Data Loss Prevention 15.8

Old data identifier name New data identifier name International Mobile Equipment Identity Number International Mobile Equipment Identity Number (IMEI) Irish Personal Public Service Number Ireland Personal Public Service Number Italy Driver's Licence Number Italy Driver Licence Number Japan Driver's License Number Japan Driver License Number Japanese Juki-Net Id Number Japan Juki-Net Identification Number Japanese My Number - Corporate Japan My Number - Corporate Japanese My Number - Personal Japan My Number - Personal Korea Residence Registration Number for Korean Korea Residence Registration Number for Koreans Latvia Driver's Licence Number Latvia Driver Licence Number Malaysian MyKad Number (MyKad) Malaysia MyKad Number (National Identification Number) Mexican Personal Registration and Identification Number Mexico Personal Registration and Identification Number Mexican Tax Identification Number Mexico Tax Identification Number Mexican Unique Population Registry Code Mexico Unique Population Registry Code (CURP) Mexico CLABE Number Mexico CLABE Number (Standardized Banking Code) Netherlands Driver's Licence Number Netherlands Driver Licence Number New Zealand Driver's License Number New Zealand Driver License Number Norway Driver's Licence Number Norway Driver Licence Number Norwegian Birth Number Norway Birth Number People's Republic of China ID People's Republic of China Resident Identity Card Number Poland Driver's Licence Number Poland Driver Licence Number Polish Identification Number Poland Identification Number Polish REGON Number Poland REGON Number Polish Social Security Number (PESEL) Poland Social Security Number (PESEL) Polish Tax Identification Number Poland Tax Identification Number Portugal Driver's Licence Number Portugal Driver Licence Number Randomized US Social Security Number (SSN) US Randomized Social Security Number (SSN) Romania Driver's Licence Number Romania Driver Licence Number Romanian Numerical Personal Code Romania Numerical Personal Code Russian Passport Identification Number Russia Passport Identification Number Russian Taxpayer Identification Number Russia Taxpayer Identification Number Singapore NRIC Singapore National Registration Identity Card (NRIC) Slovakia Driver's Licence Number Slovakia Driver Licence Number South African Personal Identification Number South Africa Personal Identification Number Spain Driver's Licence Number Spain Driver Licence Number Spanish Customer Account Number Spain Customer Account Number Spanish DNI ID Spain DNI ID Spanish Passport Number Spain Passport Number Spanish Social Security Number Spain Social Security Number Spanish Tax ID (CIF) Spain Tax Identification Number (CIF) Sweden Driver's Licence Number Sweden Driver Licence Number

20 What's New and Changed in Symantec Data Loss Prevention 15.8

Old data identifier name New data identifier name Swedish Passport Number Sweden Passport Number Swiss AHV number Switzerland AHV number Swiss Social Security Number (AHV) Switzerland Social Security Number (AHV) Turkish Identification Number Turkey Identification Number UK Driver's Licence Number UK Driving Licence Number UK Tax ID Number UK Tax Identification Number Ukraine Identity Card Ukraine Individual Identification Number Ukraine Passport (Domestic) Ukraine Passport (Domestic) Number Ukraine Passport (International) Ukraine Passport (International) Number US Zip+4 Postal Codes US Zip+4 Postal Code Venezuela Driving License Number Venezuela Driver License Number Venezuela National ID Number Venezuela National Identification Number

The following data identifiers have been updated in 15.8:

Data identifier Details of change Canada Driver's License Number Updated the keyword list. Canada Government Identification Card Number Updated the keyword list. Canada Social Insurance Number • Removed the Luhn Check validator from the wide breadth • Added the Exclude Beginning Characters validator to the wide breadth. • Added the Duplicate Digits validator to the wide and narrow breadths. Chile National Identification Number • Updated the keyword list. • Added the Exclude Beginning Characters validator to the narrow breadth. Colombia Cell Phone Number Added the Require Beginning Characters validator to the wide breadth. Colombia Personal Identification Number Added the Exclude Beginning Characters, Exclude Prefix, and Exclude Suffix validators to the wide breadth. Colombia Tax Identification Number Added the Require Beginning Characters and Exclude Prefix validators to the wide breadth. Czech Republic Personal Identification Number Added the Exclude Beginning Characters validator to the wide and narrow breadths. Denmark Personal Identification Number Changed the Data Normalizer to Digits. European Health Insurance Card Number Removed the Exclude Ending Characters validator from the wide and narrow breadths. Finland Driver's License Number Updated the pattern list. Germany Tax Identification Number Updated the pattern list. Ireland Personal Public Service Number Updated the pattern list. Israel Identification Number Removed the Number Delimiter validator from the medium breadth. Italian Passport Number Updated the pattern list.

21 What's New and Changed in Symantec Data Loss Prevention 15.8

Data identifier Details of change Japan Passport Number Updated the pattern list Korea Passport Number Updated the pattern list. Latvia Value Added Tax (VAT) Number Removed the Lithuania Value Added Tax (VAT) Number Validation Check validator from the wide and narrow breadths. Luxembourg Passport Number Updated the pattern list. Russia Military Identity Number • Updated the pattern list. • Updated the keyword list. Singapore National Registration Identity Card (NRIC) • Removed the Singapore NRIC validator from the wide breadth. • Updated the pattern list in the wide breadth. • Added the Number Delimiter validator in the wide breadth. • Added a medium breadth and a narrow breadth. SEPA Creditor Identifier Number North Updated the pattern list. SEPA Creditor Identifier Number West Updated the pattern list. SEPA Creditor Identifier Number South Updated the pattern list. Spain Driver Licence Number Removed theFind keywords validator from the wide breadth. SWIFT Code Deleted the Find keywords validator from the wide breadth. US Driver License Number - AR State Changed the Category to North America Personal Identity. UK Passport Number • Removed the Find keywords validator from the medium breadth. • Removed the duplicateFind keywords validator from the narrow breadth. US Driver License Number - DC State Changed the Category to North America Personal Identity. US Driver License Number - FL State Updated the pattern list. US Driver License Number - IA State Updated the pattern list. US Driver License Number - ID State Updated the pattern list. US Driver License Number - MD State Changed the Category to North America Personal Identity. US Driver License Number - MI State Updated the pattern list. US Driver License Number - MN State Updated the pattern list. US Driver License Number - MS State Changed the Category to North America Personal Identity. US Driver License Number - NY State Updated the keyword list. US Driver License Number - OK State Changed the Category to North America Personal Identity. US Driver License Number - VA State Changed the Category to North America Personal Identity. Venezuela Driving License Number Changed the Data Normalizer to Digits and Letters.

Cloud features in Data Loss Prevention 15.8

Cloud email quarantine and release integration with Email Security.cloud Quarantine and release functionality that is currently available in Data Loss Prevention for on-premises emails through integration with Symantec Mail Gateway (SMG) is now extended to the cloud using Email Security.cloud.

22 What's New and Changed in Symantec Data Loss Prevention 15.8

With this integration, you can quarantine emails with sensitive information using the Enforce Server administration console. You can use Smart Response rules to review and remediate the emails and then release or delete the emails from quarantine.

Language support in Data Loss Prevention 15.8

Important changes to language support in Data Loss Prevention 15.8 The Enforce Server management console was previously provided in multiple languages, including: • English • Brazilian Portuguese • Spanish • French • Japanese • German • Italian • Chinese (Traditional and Simplified) • Korean • Russian Beginning with Data Loss Prevention 15.7 MP1 and continuing through DLP 15.8 and subsequent releases, only the following languages are supported for the Enforce Server user interface and product documentation (online help and PDFs): • English • Brazilian Portuguese • Spanish • French • Japanese Support for other languages is deprecated. While language packs will be available for all languages for Data Loss Prevention 15.8 and subsequent releases, new text on existing pages or on new pages in the Enforce Server administration console will not be translated, and will appear in English, for these language packs: • German • Italian • Chinese (Traditional and Simplified) • Korean • Russian For those languages that are supported version 15.8, as listed previously, all new text will be translated. Longer term, Symantec may discontinue providing language packs for the deprecated languages. NOTE Product documentation, including online help and PDFs, was not translated for Data Loss Prevention 15.7.x. There will be translations for product documentation in subsequent releases, for the listed supported languages. Symantec continually assesses customer requirements, so if your organization desires support for one of the deprecated languages, contact the Data Loss Prevention product team through Support or your account team. Symantec will consider your request and reevaluate the list of deprecated languages.

23 What's New and Changed in Symantec Data Loss Prevention 15.8

The deprecation of support for Enforce Server administration console languages does not affect other areas of Data Loss Prevention language support. You will continue to have the ability to detect sensitive data in all languages that are currently supported. You will also continue to be able to display the Endpoint notification pop-up dialog in all supported languages.

Removed and deprecated platforms and features

Information Centric Encryption (ICE) Support for ICE is removed.

Removed platform support for Endpoint

Table 8: Removed platforms for Endpoint

Platform Notes

macOS 10.12 and 10.13

Removed Data Loss Prevention Platform support

Table 9: Removed DLP Platform support in Data Loss Prevention 15.8

Platform/feature Notes Oracle 11.2 databases Oracle Database 19c is supported for use with Symantec Data Loss Prevention. Symantec strongly recommends that you migrate your Symantec Data Loss Prevention database to Oracle Database 19c as soon as possible. Oracle 12.2.0.1 databases Oracle Database 19c is supported for use with Symantec Data Loss Prevention. Symantec strongly recommends that you migrate your Symantec Data Loss Prevention database to Oracle Database 19c as soon as possible. Amazon RDS for Oracle 12.2.0.1 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 6 is no longer supported starting with Data Loss Prevention 15.8. Red Hat Enterprise Linux 7.3 and 7.4 Red Hat Enterprise Linux 7.3 and 7.4 is no longer supported starting with Data Loss Prevention 15.8. Windows Server 2008 R2 64-bit

Removed platforms and features for Network Discover

Table 10: Removed platforms and features in Data Loss Prevention 15.8 for Network Discover

Platform/feature Notes Installation of scanners on 32-bit operating systems Microsoft Outlook Personal folders (.pst files) that were created with Outlook 2010 Network shares that reside on Microsoft Windows Server 2008 R2 SP1

24 What's New and Changed in Symantec Data Loss Prevention 15.8

Platform/feature Notes IBM Lotus Notes 8.5.x Microsoft SharePoint 2010 SP2 Microsoft Exchange Server 2010 SP3 Microsoft Exchange Server 2013 The latest service pack is supported. Documentum Content Server All versions. OpenText (LiveLink) Server All versions. File system scanners running on Solaris SPARC 10 Enforce Server 15.8 provides backward compatibility with the Solaris SPARC 10 scanner that was provided with Data Loss Prevention 15.7. You can continue using existing Solaris SPARC 10 scanners that were provided with version 15.7 File system scanners running on Windows Server 2008 R2 Oracle 11g (11.2.x) database targets SQL Server 2014 and 2016 SQL database targets Only the latest service packs are supported: SQL Server 2014 SP3 and SQL Server 2016 SP2. Red Hat Enterprise Linux 6.x file system scanner target SMB 1.0 on Windows Server 2012 R2 and Windows Server 2016 for file system targets

Removed support for languages The following language packs are no longer supported for the Enforce Server administration console user interface: • Chinese (Simplified) • Chinese (Traditional) • German • Italian • Korean • Russian

25 What's New and Changed in Symantec Data Loss Prevention 15.8

Copyright statement

Broadcom, the pulse logo, Connecting everything, and Symantec are among the trademarks of Broadcom. Copyright ©2021 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. For more information, please visit www.broadcom.com. Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability, function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom does not assume any liability arising out of the application or use of this information, nor the application or use of any product or circuit described herein, neither does it convey any license under its patent rights nor the rights of others.

26