Data Loss Prevention

 View Only

  • 1.  DLP Application Monitoring for SKYPE: File attachment issue

    Posted Oct 11, 2013 06:17 PM

    Hi Guys,

    I have found that for skype incidents only the name of the attachment is visible and I am not able to open the file attachment.

    180px_skype-monitoring.png

    Above is the exact application monitoring configuration for skype in our DLP as found in below disussion

    https://www-secure.symantec.com/connect/forums/sdlp-and-skype

    Is there any particular reason for this issue with file attachments of skype incident?

    Is there any way to resolve this so that we can open the attachments in skype incident?

    Thanks & Regards.



  • 2.  RE: DLP Application Monitoring for SKYPE: File attachment issue

    Broadcom Employee
    Posted Oct 11, 2013 10:04 PM

    are you using endpoint detection server?



  • 3.  RE: DLP Application Monitoring for SKYPE: File attachment issue

    Posted Oct 13, 2013 01:55 AM

    Yes pete we are using endpoint detection server.



  • 4.  RE: DLP Application Monitoring for SKYPE: File attachment issue

    Broadcom Employee
    Posted Oct 13, 2013 02:03 AM

    check this article and let know if it helps

    Article # 54128



  • 5.  RE: DLP Application Monitoring for SKYPE: File attachment issue

    Posted Oct 15, 2013 11:33 PM

    Hi Peter,

    Thanks for your feedback. Can you please post the link of above article or a link to an URL where I can enter the article number you provided.

    Regards.



  • 6.  RE: DLP Application Monitoring for SKYPE: File attachment issue

    Posted Oct 23, 2013 09:20 AM

    Hi Tanmay,

     

    The Article states this

     

     

    Applies To
     
      • Vontu DLP Endpoint Discover DLP Endpoint Discover

     

     

     

    Problem Summary
     
     

    Endpoint Prevent and Endpoint Discover do not retain original file by default.

     

     

    Solution
     
      By default, Endpoint does not keep the original files.  The files can be added, however, there will be additional overhead.  The messages between the Endpoint Server and the Endpoint Agent will be larger.  Also, the database space will be increase, which may be significant with Endpoint Discover.

    To retain the original file, add a Response Rule to the Endpoint Policy in order to include file attachments.


    Actions 
    All: Limit Incident Data Retention  
    Network Incidents:
    Discard Original Message:   
    Discard Attachment:   All  Attachments with no Violations  None 
    All Endpoint Incidents (Including Endpoint Discover Incidents):
    Enabling this option may prevent some events on endpoints from blocking (e.g. Copy to USB). To ensure endpoint prevent works properly, disable the ENABLE_VEP_FILE_ELIMINATION setting from the Endpoint Settings page of the endpoint servers. 
    Retain Original Message: