Symantec Data Loss Prevention provides a set of response rule actions that you can specify to remediate an incident. These provided actions include logging, sending an email, blocking an end-user action, notifying a user, and other responses.
You can also use Endpoint FlexResponse plug-ins to provide additional response actions. These plug-ins contain custom instructions for remediation actions that are executed on endpoint computers. Endpoint FlexResponse rules are only applicable to Automated Response rules. You cannot create Endpoint FlexResponse rule actions for Smart Response rules.
Symantec Data Loss Prevention customers can contact Symantec or Symantec partners to obtain Endpoint FlexResponse plug-ins. In addition, developers with a knowledge of the Python programming language can create custom Endpoint FlexResponse plug-in scripts using a Symantec-provided API. These custom remediation actions can include encryption, applying Digital Rights Management (DRM), or redacting confidential information.
You use the Endpoint FlexResponse utility to deploy Endpoint FlexResponse plug-ins on endpoint computers in your Symantec Data Loss Prevention deployment where you require Endpoint FlexResponse actions. You can deploy the plug-ins manually using the Endpoint FlexResponse utility, or you can use system management software (SMS) to distribute the utility and deploy the plug-ins. After you deploy an Endpoint FlexResponse plug-in on an endpoint computer, you use the Enforce Server administration console to add an Endpoint: FlexResponse action to a response rule, and then you add the response rule to an active policy.
below figure of Endpoint FlexResponse plug-in process shows the sequence of activities that result in an Endpoint FlexResponse action.
Endpoint FlexResponse provides you with additional flexibility to remediate incidents.Whenyou first install Endpoint Prevent, you have a fixed set of response rule actions available to use. By installing Endpoint FlexResponse plug-ins, you can remediate incidents in a variety of ways. For example, these additional remediation methods could include encryption, applying Digital Rights Management (DRM), or redacting confidential information (which are available separately from Symantec partners). After you install an Endpoint FlexResponse plug-in, you can then configure a response rule to perform the desired function..
Note: Contact a Symantec partner or Symantec sales representative to obtain Endpoint FlexResponse plug-ins.
You can use Endpoint FlexResponse rules on the following types of endpoint destinations and protocols:
■ Endpoint Discover
■ Hard drive monitoring
■ USB-connected devices
■ SMTP
■ HTTP(S)
After you have installed the Endpoint FlexResponse plug-in, you can add it as a response rule action in your policy.
Note: Endpoint FlexResponse rules are only applicable to automatic response rules. You cannot create Endpoint FlexResponse rule actions for manual remediation policies.
You can create credentials for the Endpoint FlexResponse plug-ins. These credentials can be Endpoint-specific, or they can apply to all of your detection servers. You can use credentials to assign specific users access to the remediated data.
Deploying Endpoint FlexResponse
Procedure Step 1 : Obtain the Endpoint FlexResponse plug-in. Contact a Symantec partner or Symantec sales representative. Endpoint FlexResponse plug-ins are not available with the default Symantec Data Loss Prevention installation.
Procedure Step 2 : Configure any Endpoint credentialson the Enforce Server. This step is optional --
Procedure Step 3 : Deploy the plug-in to your endpoint computers using the FlexResponse utility and third-party systems management oftware (SMS). here I will explain you about Deploying process of Endpoint FlexResponse plug-ins on endpoint computers......
You can deploy Endpoint FlexResponse plug-ins to endpoint computers only after you have installed the Symantec DLP Agents. See the Symantec Data Loss Prevention Installation Guide for information on how to install the agents. Endpoint FlexResponse plug-ins must be installed on your endpoint mputers. Endpoint FlexResponse response rules cannot operate if the plug-in is not installed on each of your endpoint computers. Use a silent nstallation method to install the Endpoint FlexResponse plug-in. Silent installation methods involve systems management software (SMS), which can distribute oftware to all of your endpoint computers. You may need to create SMS scripts to access the installation folder. Installing the Endpoint FlexResponse plug-in is a two-part process:
Now Install the Endpoint FlexResponse plug-in and the FlexResponse utility on your endpoint computers.
Before you can deploy your Endpoint FlexResponse plug-in, the endpoint computers in your organization must first be able to access the physical plug-in
.zip file. You can either place the plug-in .zip file somewhere on a central network share, or you can install the file physically on each endpoint computer. If you use the central network share method, you must ensure that all of your endpoint computers can access the network share. Use the following rocedure if you want to install the plug-in .zip file physically on each endpoint computer. This procedure only instructs you how to access the plug-in .zip file. After you access the file, you must deploy it.
See your individualSMSapplication documentation for more information on how to install using SMS.
To install Endpoint FlexResponse plug-ins
1 In your systems management software package, specify the plug-in(s) that you want to install.
2 Specify the installation parameters such as the installation directory. Plug-ins can be installed anywhere on the endpoint computer because they are deployed to the correct Symantec DLP Agent database later.
3 Specify the msiexec properties.
4 Install the FlexResponse utility to all of your endpoint computers as well. The FlexResponse utility is only available through Symantec and Symantec partners.
Now the next step is Load the Endpoint FlexResponse plug-in using the FlexResponse utility.
The Endpoint FlexResponse utility manages Endpoint FlexResponse plug-ins. The Endpoint FlexResponse utility is not part of the default Symantec Data Loss Prevention download. The utility is only available through Symantec or Symantec partners.
Endpoint FlexResponse plug-ins must be in a .zip package format. You cannot deploy the plug-ins if they are in any other format.
You must use the utility from the Symantec DLP Agent installation tools directory.
To load Endpoint FlexResponse plug-ins
1 From a command window, navigate to the Symantec DLP Agent installation tools directory. <Agent installation directory>\flrinst.exe
2 Enter the following command: -op=install -package=<Plug-in name> where <Plug-in name> is the specific name of the plug-in .zip file.
3 Repeat step 2 until you have loaded all of your plug-ins.
4 Using yourSMSapplication, remove the utility from your endpoint computers.
Procedure Step 4: Enable Endpoint FlexResponse actions on your Enforce Server. Before you can use Endpoint FlexResponse plug-ins in your response rules, you must enable Endpoint FlexResponse functionality through the Enforce Server. By default, Endpoint FlexResponse functionality is not enabled. Enable Endpoint FlexResponse functionality through the Advanced Agent Settings.
To enable Endpoint FlexResponse functionality
1 Go to: System > Agents > Agent Configuration and open the configuration for editing.
2 Click the Advanced Agents Settings tab.
3 Find the PostProcessor.ENABLE_FLEXRESPONSE.int setting.
4 Change the setting to 1.
5 Click Save and Apply.
If you want to Uninstal Endpoint FlexResponse plug-ins usingthe FlexResponse utility
Use the following procedure to uninstall Endpoint FlexResponse plug-ins from your endpoint computers:
To uninstall Endpoint FlexResponse plug-ins from endpoint computers
1 Using a command prompt window, navigate to the Symantec DLP Agent installation tools directory. <Agent installation directory>\flrinst.exe
2 Enter the following command: -op=uninstall -package=<Plug-in name> where <Plug-in name> is the full path where the plug-in resides and the
specific name of the plug-in .zip file.
3 Repeat step 2 until you have uninstalled all of the plug-ins.
If you want to Retriev Endpoint FlexResponse plug-ins from a specific endpoint computer:
Use the following procedure to retrieve a specific plug-in from an endpoint computer.
You can only use the retrieve function on a single endpoint computer at a time. The plug-in appears in the Symantec DLP Agent installation directory
as a .zip file. Inside the .zip file is the plug-in in a .txt format. You can make edits to the plug-in in the .txt file. If you do make edits, you must re-deploy the plug-in to the endpoint computer before the edits take effect. Modified plug-ins only affect the individual endpoint computers where they were modified.
To retrieve an Endpoint FlexResponse plug-in from a specific endpoint computer:
1 On the endpoint computer, open a command prompt window.
2 Navigate to the Symantec DLP Agent installation tools directory: <Agent installation directory>\flrinst.exe
3 Enter the following command:-op=retrieve -package=<Plug-in name> where <Plug-in name> is the specific name of the plug-in .zip file.
4 Look in the Symantec DLP Agent installation directory for a .txt file that contains the same name as the plug-in.
Next is Retrieving a list of ndpoint FlexResponse plug-ins from an endpoint computer
Use the following procedure to retrieve a list of plug-ins that have been installed on a specific endpoint computer. You can only use the list function on individual endpoint computers. You cannot use the list function on a set of endpoint computers. The list of endpoint computers contains only the name of the plug-in package. The list does not contain any type of description about the plug-ins. It is recommended that you use descriptive names for your plug-ins so that you can recognize them within the list. To retrieve the list of Endpoint FlexResponse plug-ins from an endpoint computer
1 On the endpoint computer, open a command prompt window.
2 Navigate to the Symantec DLP Agent installation tools directory: <Agent installation directory>\flrinst.exe
3 Enter the following command: -op=list The list of installed Endpoint FlexResponse plug-ins appears in the Command
prompt window.
Last and final Procedure Step 5: Add Endpoint FlexResponse actions to your policies.
for more information please refer below link.....you will get the more idea about this...
https://www-secure.symantec.com/connect/articles/dlp-policy-block-uploading-file-type-web-httphttps