Using the DLP Watermark Viewing Tool

For forensic tracking, hidden text can be decrypted and read using the DLP watermark viewing tool.

To view hidden text on a watermarked document:

  1. Copy the document, or a folder of documents, to the DLP Gateway.

  2. On the gateway, run: dlp_watermark_viewer

    Enter the name of one file or the path to a directory that contains a number of files.

  3. The output shows the hidden fields included in the profile.

    Note - Only the hidden text is shown by the tool, not the document's content.

Keys used for decrypting hidden text are stored on the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. and downloaded to the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.. DLP gateways managed by the same Security Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. share the same keys and a common (random) ID. The random ID identifies the Security Management Server that installed the DLP policy on the gateway. The viewing tool only shows text added by gateways managed by the same Security Management Server. For example, for a document that has passed through three DLP gateways, each managed by a different Security Management Server, you must copy the file to each gateway and run the tool on each. The tool only shows the hidden text added by that gateway, and not the text added by gateways managed by other Security Management Servers.

Important - If you reinstall a Security Gateway, the keys and random ID are downloaded again from the server. The new gateway can be used to decrypt hidden text added by the old one. But if you reinstall the Security Management Server the random ID is lost. The random ID that the gateway adds to the document does not match the ID of the new Security Management Server. The DLP viewer does not show the document's hidden text.