Data Loss Prevention

 View Only
  • 1.  DLP endpoint not processing XML files

    Posted Aug 12, 2015 03:27 AM

    Hi guys,

    I've setup policy to search all files for restricted content (card holder data), and policy works fine with all text files except xml. Interesting thing that if I delete xml declaration <?xml version="1.0" encoding ="UTF-8"?> endpoint agent starts to work as expected.



  • 2.  RE: DLP endpoint not processing XML files

    Posted Aug 18, 2015 07:03 AM

    Hello,

     

    Check what do you have in "ContentExtraction.MarkupAsText" under Advanced Server Settings. If it's on, your system might be ignoring XML docs.

     

    Cheers,



  • 3.  RE: DLP endpoint not processing XML files

    Posted Aug 18, 2015 10:39 AM

    1.) Right-click the sample XML file and select "Properties"
    2.) Click the "Advanced" button in the "General" tab. A new configuration window opens.

    Could you confirm if the box "Encrypt contents to secure data" is checked?

    Most cases, XML files are pre-encrypted & I think, XML Encryption, also known as XML-Enc, is always on.

    My best guess & hopefully the closest one, is that DLP does not scan encrypted XML files, especially the ones encrypted & not available in free text for content inspection.



  • 4.  RE: DLP endpoint not processing XML files

    Posted Aug 19, 2015 01:29 AM

    HI,

    File is not under EFS encryption nor using XML-enc tags.

     



  • 5.  RE: DLP endpoint not processing XML files

    Trusted Advisor
    Posted Aug 19, 2015 04:47 PM

    Are you using Endpoint Discover or just the Copy to USB etc??

    Make sure there are no filters on the file type..

     



  • 6.  RE: DLP endpoint not processing XML files
    Best Answer

    Posted Aug 31, 2015 01:18 AM

    Already found solution

    In agent config both detection.markup_as_text and ContentExtraction.MarkupAsText must be set to "on"