Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

DLP Application Monitoring for SKYPE: File attachment issue

Created: 11 Oct 2013 • Updated: 11 Oct 2013 | 5 comments

Hi Guys,

I have found that for skype incidents only the name of the attachment is visible and I am not able to open the file attachment.

180px_skype-monitoring.png

Above is the exact application monitoring configuration for skype in our DLP as found in below disussion

https://www-secure.symantec.com/connect/forums/sdlp-and-skype

Is there any particular reason for this issue with file attachments of skype incident?

Is there any way to resolve this so that we can open the attachments in skype incident?

Thanks & Regards.

Operating Systems:

Comments 5 CommentsJump to latest comment

Tanmay B.'s picture

Hi Peter,

Thanks for your feedback. Can you please post the link of above article or a link to an URL where I can enter the article number you provided.

Regards.

Syed Hussain -Compliance Devil's picture

Hi Tanmay,

 

The Article states this

 

 

Applies To
 
  • Vontu DLP Endpoint Discover DLP Endpoint Discover

 

 

 

Problem Summary
 
 

Endpoint Prevent and Endpoint Discover do not retain original file by default.

 

 

Solution
 
  By default, Endpoint does not keep the original files.  The files can be added, however, there will be additional overhead.  The messages between the Endpoint Server and the Endpoint Agent will be larger.  Also, the database space will be increase, which may be significant with Endpoint Discover.

To retain the original file, add a Response Rule to the Endpoint Policy in order to include file attachments.

Actions 
All: Limit Incident Data Retention  
Network Incidents:
Discard Original Message:   
Discard Attachment:   All  Attachments with no Violations  None 
All Endpoint Incidents (Including Endpoint Discover Incidents):
Enabling this option may prevent some events on endpoints from blocking (e.g. Copy to USB). To ensure endpoint prevent works properly, disable the ENABLE_VEP_FILE_ELIMINATION setting from the Endpoint Settings page of the endpoint servers. 
Retain Original Message:   

 

Thanks,

-Syed Hussain

 

If a post solves your problem, please flag it as solved. If you like an item, please give it a thumbs up vote.