Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

[DLP] Block e-mail messages with Endpoint Prevent

Created: 17 May 2013 • Updated: 21 May 2013 | 8 comments
haroldvm89's picture
This issue has been solved. See solution.

Hello everyone!

I'm implementing DLP solution. My scenario is the following:

---------------------------------------------------------------------------------------------------------------------------------------------------

Enforce ----------- Detection (Endpoint) -------- Altiris SMP (For deploying agent) ------- DLP Client

---------------------------------------------------------------------------------------------------------------------------------------------------

I have a rule for blocking copying sensitive files to removable devices such as USB and DVD

However, I'm looking for a response rule for e-mail. I want to block sensitive data being sent via e-mail attachments (such as OWA, or local e-mail servers)

I do know I can use Network Prevent for Email but, in this particular case, I need to use Endpoint Prevent only

Is it possible? Any ideas how? Thanks in advance!

 

Comments 8 CommentsJump to latest comment

pete_4u2002's picture

endpoint will monitor te endpoint agents.

email prevent license is needed for the email monitoring/prevent.

yang_zhang's picture

Yes, you can use DLP agent to block email message from mail client and OWA.

You need to select the relevant options under Agent Configuration, such as below screenshot:

Agent_Configure.png

And, also, as pete mentioned, you need the Endpoint Prevent license:

Agent_Configure_2.png

 

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
SOLUTION
haroldvm89's picture

Thanks for the reply. 

Can you tell me which configuration should I use on the response rule??? 

jjesse's picture

An Endpoint Prevent response would be the correct one as this deals w/ Endpoint PRevent

Jonathan Jesse Practice Principal ITS Partners

yang_zhang's picture

For the response rule, you can choose 'Endpoint Prevent: Block', such as the screenshot below:

Endpoint_Prevent_Block.png

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
haroldvm89's picture

Thanks yang_zhang. It worked great.

 

kishorilal1986's picture

Thanks Yang,

Nice solution and explaination.

KevinSomers's picture

This is exactly my configuration.  I have a policy to find social security numbers using the data identifier.  The response rule blocks send SSN through Notes, but it does not block when using web mail in IE or Firefox even though both of those options are selected.

Any ideas?