Why does DLP Enforce Server time-out when accessing WMI, thereby unloading the lookup plugin? No matter what I set the time-out value to, the lookup plugin unloads and gives an error.
The following script will cause the plugin to unload and create an error:

    import sys, subprocess, socket, string
    import wmi, win32api, win32con

    for item in sys.argv:
        s = item
        if "sender-ip=" in s:
            a = s.replace(',', '')
            userIP = a.strip('sender-ip=')
    userloggedon = ""
    # perform system lookup of IP address
    userIP = "\\\\" + userIP
    pst = subprocess.Popen(
        ["D:\pstools\psloggedon.exe", "-l", "-x", userIP],
        stdout = subprocess.PIPE,
        stderr = subprocess.PIPE
    )
    out, error = pst.communicate()
    userLoggedOn = out.split('\n')[1].strip()
    print 'userId={}'.format(userLoggedOn)

But if I rewrite the script such that it doesn't execute pst=subprocess.Popen(...., then the script executes without error:

    import sys, subprocess, socket, string
    import wmi, win32api, win32con

    for item in sys.argv:
        s = item
        if "sender-ip=" in s:
            a = s.replace(',', '')
            userIP = a.strip('sender-ip=')
    userloggedon = ""
    # perform system lookup of IP address
    userIP = "\\\\" + userIP
    userLoggedOn = "DOMAIN\user"
    print 'userId={}'.format(userLoggedOn)

Our environment is configured as follows:
1. Script is in D:\SymantecDLP\Protect\plugins
2. DLP Enforce Server is running on Windows Server 2008 where UAC is disabled
3. "protect" account on DLP Enforce Server is local admin
How do I troubleshoot this? Contacting Professional Services is NOT an option for us.
Thank you.
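
An added diagnostic example, not part of the original post and not vendor code: it runs the same psloggedon.exe command with stdin closed and a hard time limit, and appends the exit code, stderr and elapsed time to a log so the failing step can be seen from outside the plugin. It assumes Python 3 (for the subprocess timeout), and the 10-second limit and the lookup_debug.log file name are hypothetical.

```python
import subprocess, sys, time

PREFIX = "sender-ip="
LOOKUP_TIMEOUT = 10  # seconds (assumed); keep it below the plugin's time-out

def parse_sender_ip(argv):
    """Return the sender-ip value from the plugin's arguments, or None."""
    for item in argv:
        item = item.replace(",", "").strip()
        if item.startswith(PREFIX):
            # Slice the prefix: str.strip() removes a character set, not a prefix.
            return item[len(PREFIX):] or None
    return None

def run_bounded(cmd, timeout=LOOKUP_TIMEOUT):
    """Run cmd with stdin closed and a hard time limit; never raises."""
    res = {"cmd": cmd, "rc": None, "out": "", "err": "", "timed_out": False}
    start = time.time()
    try:
        p = subprocess.run(cmd, stdin=subprocess.DEVNULL,
                           stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                           universal_newlines=True, timeout=timeout)
        res.update(rc=p.returncode, out=p.stdout, err=p.stderr)
    except subprocess.TimeoutExpired:
        res["timed_out"] = True  # subprocess.run has already killed the child
    except OSError as exc:       # e.g. executable missing or access denied
        res["err"] = str(exc)
    res["elapsed"] = round(time.time() - start, 2)
    return res

def second_line(out):
    """The post takes the user from the second output line; tolerate fewer."""
    lines = out.splitlines()
    return lines[1].strip() if len(lines) > 1 else ""

def main(argv, log_path="lookup_debug.log"):  # log_path is hypothetical
    ip = parse_sender_ip(argv)
    if ip is None:
        return 1
    res = run_bounded([r"D:\pstools\psloggedon.exe", "-l", "-x", "\\\\" + ip])
    with open(log_path, "a") as log:
        log.write(repr(res) + "\n")  # rc, stderr, elapsed, timed_out
    user = second_line(res["out"])
    if user:
        print("userId={}".format(user))
    return 0 if user else 2

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Running it once from a console as the "protect" account and once through the plugin, then comparing the two log lines, shows whether the child process fails, times out, or returns output in a different shape under the service.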