Ayuda de vídeo de Screencast

Easy Answer Probably

Created: 25 Enero 2013 • Updated: 25 Enero 2013 | 6 comments

What is the best way to allow emails that are marked as false positives to be sent to the intended recipient?

Thanks!

Comentarios ComentariosIr al último comentario

el cuadro de los pete_4u2002

can you explain the use case for false positive of email?

el cuadro de los enebdu

Thanks Pete,

We are protecting against PCI and PII. If the blocked message does not fall into either of those categories, it is marked as false positive. With how vital it is to ensure that sensitive info is secure we are not adding any exceptions for them based on body content, attachments or sender. We want to have as much control as we possibly can.

Make sense?

el cuadro de los Mark N

Are you using SMTP Prevent to do this? If so, have you considered using a "Modify SMTP Message" response rule to trigger a downstream quarantine?

A false positive email can be released from the downstream device's quarantine.

el cuadro de los yang_zhang

You can integrate DLP with Symantec Message Gateway (SMG) to implement an email workflow.

SMG can forward the email to DLP for detection, after the detection of email whether it's confidential, DLP will 'tell' SMG to hold this email for admin's review.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
el cuadro de los DLP Enthusiast

I think we may also do this by applying an Exception to the existing policy . The exception should be a rule of " Match Regular Expression " and then paste the contents of the Email (if text) and try testing it .

el cuadro de los Jsneed

enebdu,

We create temporary exceptions and let the e-mails through.  If we find that we are having a decent number of the same type of e-mail we will craft a more permanent exception.  We also have a list of special codes that our service desk has that someone can put in their e-mail to let it through.  These are only used in "emergencies" and each of these incidents is thoroughly investigated.