Video Screencast Help

DLP 11.6 Endpoint protection warning dialog blocks remaining file transfer in progress

Created: 08 May 2013 • Updated: 08 May 2013 | 2 comments

If you are copying multiple files from one location to another and there is a DLP detection (false positive or not) and the notification box pops up asking you to choose the justification answer, there is an option available that asks if you would like to apply your answer to additional dialogs.

Even if you click the option, the file transfer will not contine.  So if you are transfering 500 files and a detection happens in the 200th file, you can't get past it.

The users need to be able to continue with the rest of their file transfer.  Right now we do want to block the detected files because we are still working out filtering false positives.  We only want the notification of what is being detected so we can develop filtering and exceptions before we block anything.

What needs to be done to prevent DLP from canceling the rest of the remaining file transfer over one detection?

Operating Systems:

Comments 2 CommentsJump to latest comment

kishorilal1986's picture

Hi Netuser,

Please chcek your responce rule as there may be rule of blocking the confidentail content even though u provide justification, review the reponce rule for endpoint and correct it.

NetUser's picture

There is only a rule to block copying to removable media.  The file was being copied between a workstation and server.

I tested it on my computer by putting a single test file that matched a DLP rule into a folder containing hundreds of files and then copying the entire folder between my workstation and a network share and had the same result.

Once the DLP scan reached the test file, the warning popped up and when I entered the response, the box went away, but the remaining file transfer did not resume.  There is no way to resume the remaining file transfer once the detection happens.

Even if we wanted to block detected files, we would only want to block the single offending file and not halt the entire remaining file transfer containing many other files that do not have files that match a DLP rule.

This is what we need to fix.