Hi,
Configuring the Endpoint Prevent: Block action
The Endpoint Prevent: Block response rule action blocks the movement of confidential data on the endpoint computer and optionally displays an on-screen notification to the endpoint user.
This response rule action is specific to Endpoint Prevent incidents. This response rule is not applicable to two-tiered detection methods requiring a Data Profile.
If you combine multiple endpoint response rules in a single policy, make sure that you understand the order of precedence for such rules.
Note:
The block action is not triggered for a copy of sensitive data to a local drive.
To configure the Endpoint Prevent: Block response rule action
1] Configure a response rule at the Configure Response Rule screen.
You configure response rules at the Manage > Policies > Response Rules > Configure Response Rule screen.
2] Add the Endpoint Prevent: Block action type from the Actions list.
You must configure at least one action for the response rule to be valid. You can configure multiple response rule actions. Each action is evaluated independently.
To define a response rule action
Configure a response rule at the Configure Response Rule screen.
Choose an action type from the Actions list and click Add Action.
For example, add the All: Add Note action to the response rule. This action lets the remediator annotate the incident.
Configure the action type by specifying the expected parameters for the chosen action type.
Repeat these steps for each action you want to add.