Symantec Data Loss

Prevention Supportability
Telemetry Guide
Version 14.6

Symantec Data Loss Prevention Supportability

Telemetry Guide
Documentation version: 14.5

Legal Notice
Copyright 2016 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo and the Checkmark Logo are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other
names may be trademarks of their respective owners.
This Symantec product may contain third party software for which Symantec is required to
provide attribution to the third party (Third Party Programs). Some of the Third Party Programs
are available under open source or free software licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under those
open source or free software licenses. Please see the Third Party Legal Notice Appendix to
this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED
CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL
NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION
WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE
INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE
WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq.
"Commercial Computer Software and Commercial Computer Software Documentation," as
applicable, and any successor regulations, whether delivered by Symantec as on premises
or hosted services. Any use, modification, reproduction release, performance, display or
disclosure of the Licensed Software and Documentation by the U.S. Government shall be
solely in accordance with the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com

Technical Support
Symantec Technical Support maintains support centers globally. Technical Supports
primary role is to respond to specific queries about product features and functionality.
The Technical Support group also creates content for our online Knowledge Base.
The Technical Support group works collaboratively with the other functional areas
within Symantec to answer your questions in a timely fashion. For example, the
Technical Support group works with Product Engineering and Symantec Security
Response to provide alerting services and virus definition updates.
Symantecs support offerings include the following:

A range of support options that give you the flexibility to select the right amount
of service for any size organization

Telephone and/or Web-based support that provides rapid response and

up-to-the-minute information

Upgrade assurance that delivers software upgrades

Global support purchased on a regional business hours or 24 hours a day, 7

days a week basis

Premium service offerings that include Account Management Services

For information about Symantecs support offerings, you can visit our website at
the following URL:
support.symantec.com
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support
information at the following URL:
www.symantec.com/business/support/
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be at
the computer on which the problem occurred, in case it is necessary to replicate
the problem.
When you contact Technical Support, please have the following information
available:

Product release level

Hardware information

Available memory, disk space, and NIC information

Operating system

Version and patch level

Network topology

Router, gateway, and IP address information

Problem description:

Error messages and log files

Troubleshooting that was performed before contacting Symantec

Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical
support Web page at the following URL:
www.symantec.com/business/support/

Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the
following types of issues:

Questions regarding product licensing or serialization

Product registration updates, such as address or name changes

General product information (features, language availability, local dealers)

Latest information about product updates and upgrades

Information about upgrade assurance and support contracts

Information about the Symantec Buying Programs

Advice about Symantec's technical support options

Nontechnical presales questions

Issues that are related to CD-ROMs, DVDs, or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:
Asia-Pacific and Japan

customercare_apac@symantec.com

Europe, Middle-East, and Africa

semea@symantec.com

North America and Latin America

supportsolutions@symantec.com

About DLP Supportability

Telemetry
This document includes the following topics:

Introducing DLP Supportability Telemetry

Security of DLP Supportability Telemetry information

Information collected by DLP Supportability Telemetry

Automatically uploading DLP Supportability Telemetry information to Symantec

Managing DLP Supportability Telemetry

Introducing DLP Supportability Telemetry

The DLP Supportability Telemetry program helps Symantec improve the quality of
Symantec Data Loss Prevention. Participation in this program is entirely your choice,
and you can opt in or out of sharing this information at any time. Supportability
Telemetry collects information from your Symantec Data Loss Prevention installation
and sends it securely and anonymously to Symantec. The collected information
provides Symantec with a better understanding of how Symantec Data Loss
Prevention is used, which can greatly improve new product planning and
development. In addition, the collected information can help you troubleshoot
problems when you work with Symantec Support to resolve a support case.
The information that Symantec collects does not include details about potential or
actual data loss in your organization. Symantec collects no actual incident data or
other sensitive information, such as names of users. The information Symantec
collects pertains primarily to environment variables and factors that can affect
performance, such as version number, number of detection servers, or number of
endpoint agents. If you choose to participate in the DLP Supportability Telemetry

About DLP Supportability Telemetry

Security of DLP Supportability Telemetry information

program, the collected information is automatically uploaded to a server at Symantec.

You can schedule both collection and data transmission on a daily, weekly, or
monthly basis.
For details about the information collected by DLP Supportability Telemetry, See
Information collected by DLP Supportability Telemetry on page 8.

Security of DLP Supportability Telemetry information

To ensure the security of your data, only Symantec Data Loss Prevention users
with Server Administrator privileges can configure and view DLP Supportability
Telemetry information. All DLP Supportability Telemetry information is encrypted
before transmission, and is sent to Symantec using HTTPS.

Information collected by DLP Supportability

Telemetry
DLP Supportability Telemetry automatically collects the following system information
and stores it as system information within your Symantec Data Loss Prevention
database.

Symantec products you have licensed.

Customer ID: Your customer ID is an automatically generated number that is

used to identify your collected DLP Supportability Telemetry data.

Currently installed version of the Enforce Server.

Total number of detection servers.

Endpoint agent versions and total number of agents for each version.

File types for which there are incidents.

Network Discover/Cloud Storage Discover target types, as well as scan and last
modified dates for those targets.

You can also provide the following information at your discretion:

Environment type: Specifies whether the data comes from a production or a test
environment.

Your company name. Your company name is anonymous by default.

This information is collected whether or not you choose to participate in the DLP
Supportability Telemetry program. Old DLP Supportability Telemetry information
is automatically deleted.

About DLP Supportability Telemetry

Automatically uploading DLP Supportability Telemetry information to Symantec

At transmission time, your DLP Supportability Telemetry data is pulled from the
database and formatted as several .csv files within an encrypted archive called
telemetry_info.zip.
You can view your DLP Supportability Telemetry data at any time. See Viewing
your DLP Supportability Telemetry information on page 10.

Automatically uploading DLP Supportability Telemetry

information to Symantec
You can enable automatic upload of DLP Supportability Telemetry information from
your Enforce Server to Symantec during the installation or upgrade process by
selecting the box labeled Participate in the Supportability Telemetry program.
Your Enforce Server must have an Internet connection to transmit DLP Supportability
Telemetry information.
If you opted out of the program during installation or upgrade, you can enable
automatic upload from your Enforce Server administration console:
To enable automatic upload of your DLP Supportability Telemetry information

In the Enforce Server administration console, go to System > Settings >

Supportability Telemetry.

Click Configure. The Edit Supportability Telemetry page appears.

In the Telemetry Enforce Environment section, specify whether this is a

Production or Test environment.

In the Telemetry Information Upload section, check Participate in the

Supportability Telemetry Program.

Click Save.

To disable automatic upload of your DLP Supportability Telemetry information

In the Enforce Server administration console, go to System > Settings >

Supportability Telemetry.

Click Configure. The Edit Supportability Telemetry page appears.

In the Telemetry Information Upload section, clear the Auto Upload check
box.

Click Save.

About DLP Supportability Telemetry

Managing DLP Supportability Telemetry

Managing DLP Supportability Telemetry

You can review your DLP Supportability Telemetry settings from the System >
Settings > Supportability Telemetry page on the Enforce Server administration
console.
For information about configuring DLP Supportability Telemetry options, see the
following topics:
See Automatically uploading DLP Supportability Telemetry information to Symantec
on page 9.
See Scheduling automatic upload of your DLP Supportability Telemetry information
on page 11.
See Scheduling collection of your DLP Supportability Telemetry information
on page 12.
See Specifying the age of DLP Supportability Telemetry information to delete
on page 12.
To view an unencrypted version of your DLP Supportability Telemetry information,
see the following topic:
See Viewing your DLP Supportability Telemetry information on page 10.

Viewing your DLP Supportability Telemetry information

Before you send any information about your deployment to Symantec, you can view
it by exporting an unencrypted version to a local .zip archive. This archive contains
your DLP Supportability Telemetry information in .csv format.
To view your DLP Supportability Telemetry information

In the Enforce Server administration console, go to System > Settings >

Supportability Telemetry.

Click View Info.

You can save the telemetry_info.zip file, or open it to view your DLP
Supportability Telemetry information immediately.
Within the telemetry_info.zip file you will find these .csv files:

timestamp_agents_installed.csv. This file contains information about the

number of agents you have installed, as well as the version number of those
agents.

timestamp_enforce_version.csv. This file contains information about the

version of Symantec Data Loss Prevention that you are currently running.

10

About DLP Supportability Telemetry

Managing DLP Supportability Telemetry

timestamp_file_type.csv. This file contains information about the types of

files that are associated with your incidents.

timestamp_job.csv. This file contains information about the DLP Supportability

Telemetry collection and transmission process, as well as your unique identifier

and customer name. It also specified whether this is a test or production
environment.

timestamp_monitor_channel.csv. This file lists the number of detection servers

you are running, as well as their type, such as Network Discover/Cloud Storage
Discover or Endpoint Prevent.

timestamp_prod_license.csv. This file contains information about the

Symantec products you have licensed.

timestamp_target_type.csv. This file contains information about your Network

Discover/Cloud Storage Discover targets.

timestamp_task.csv. This file contains information about the DLP Supportability

Telemetry task itself.

Scheduling automatic upload of your DLP Supportability Telemetry

information
You can schedule daily, weekly, or monthly automatic upload of telemetry information
from the Enforce Server administration console. The default upload schedule is
monthly, on the first day of the month at 2:00 A.M.
To schedule automatic upload of your DLP Supportability Telemetry information

In the Enforce Server administration console, go to System > Settings >

Supportability Telemetry.

Click Configure. The Edit Supportability Telemetry page appears.

In the Telemetry Information Upload section, specify an upload schedule:

Daily: Specify the hour of the day for automatic upload.

Weekly: Specify a day or multiple days of the week and an hour for
automatic upload.

Monthly: Specify a day of the month and an hour for automatic upload.

Click Save.

11

About DLP Supportability Telemetry

Managing DLP Supportability Telemetry

Scheduling collection of your DLP Supportability Telemetry

information
You can schedule daily, weekly, or monthly collection of telemetry information to
Symantec from the Enforce Server administration console. The default collection
schedule is weekly, on Saturday at 2:00 A.M.
Telemetry information is collected whether or not you have opted in to sharing this
information with Symantec. You cannot disable collection of this information, but
you are not obligated to share it.
To schedule collection of your DLP Supportability Telemetry information

In the Enforce Server administration console, go to System > Settings >

Supportability Telemetry.

Click Configure. The Edit Supportability Telemetry page appears.

In the Telemetry Information Upload section, specify a collection schedule:

Daily: Specify the hour of the day for collection.

Weekly: Specify a day or multiple days of the week and an hour for
collection.

Monthly: Specify a day of the month and an hour for collection.

Click Save.

Specifying the age of DLP Supportability Telemetry information to

delete
You can specify the age of telemetry information for deletion from the Enforce
Server administration console. By default, DLP Supportability Telemetry information
is deleted after six months.
To specify the age of DLP Supportability Telemetry information to delete

In the Enforce Server administration console, go to System > Settings >

Supportability Telemetry.

Click Configure. The Edit Supportability Telemetry page appears.

In the Telemetry Information Deletion section, enter a number of weeks or

months in the Delete Information Older Than field.

Click Save.

12