Data Loss Prevention

I would like to know the expected behavior of Network Discover if it scans a password protected .mdb file on a network share.  If I place the file in a folder and tell N. Discover to go scan that folder the current behavior is that it will start to scan the item, then reports "Completed Item" in the scan details log as well as the scan detail of the scan, but there are no errors or any incidents reported.  The policy was a test policy and was just looking for keywords that were actually in the .mdb file so is this expected behavior that it doesn't actually report that it couldn't open the file due to the password and reports it back as "completed item"?  

DLP can recognize over 330 and analyze the content of over 100 file types to prevent confidential information, including customer data and intellectual property, from being sent outside the corporate network.
So .mdb is also one among them.

Regarding scaning of password protected .mdb file: DLP cannot crack password protected files but the system CAN detect the existence of password protected files through the use of a policy rule.

Whether it can read the content of password protected .mdb file then I dont think so it can as it has to crack the password in order to get in and read the content.

Hope this information will be helpful for you.

Thank you for the reply but I was expecting there to be an error such as the one where if it detects a .pst file and it can't open the .pst file and you see a string of errors on the scan and the scan details page.  So how would one know if someone placed a password protected .mdb file on a network share that it was even there unless the scan reported it as a scan error?  Maybe this should be an enhancement request.  

Hi,

Definitely, it would be an enhancement request but however in customer’s point of view I would recommend, in the policy you can also add a rule to find out whether it is a password protected file or not. Here, you will be in a position to know how many of them are password protected files.

Hello,

We had the same request from customer. They wanted to know if a password protected file could not be scanned.

We solved it by appliying the "password protected files" policy that many solution packs include.

This gives you a best chance to find out what files are protected and take actions if they don't have to be that way. 

If you want the .mdb file not to leave the company, you can create a policy that uses the file name and create a response rule that denies it from being sending by mail, copy to a usb storage unit or a file share.

Hope this helps.

Regards,

LG

Right now we can only create policy to detect a few file types that are encrypted or password protected (word, excel, zip, etc.) - database file types are not one of them. Unless I am missing something, detecting password protected database files can only be done via a custom script?