Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

DLP User Groups based policies do not work properly on EMail Prevent

Created: 16 Jun 2013 | 1 comment
ggolino's picture

Hello,

I need to create a policy that, on Email Prevent, triggers when a user belonging in a certain AD Group sends out an email containing PAN numbers.

I put the rule "Sender/User based on a Directory Server Group" in my policy, but the behaviour is unpredictable, sometimes it works, sometimes it does not.

I checked LDAP attributes, in both cases, the "email" field is set correctly.

Has anyone had the same problem?

Thanks,

Giovanni golino

Operating Systems:

Comments 1 CommentJump to latest comment

kishorilal1986's picture

Dear gg, Please review your policies as per your detection requirement.

  • Please check below setting in Groups tab in Policy and 
Match Counting: All recipients must match (Email Only)
At least recipients must match (Email Only)

Check for existence (don't count multiple matches)
Count all matches

Match On:
  • and check below
Match Conditions: On whole words only
Check for existence (don't count multiple matches)
Count all matches and only report incidents with at least matches
Match On:
  • Envelope
  • Subject
  • Body
  • Attachments
  Same Component Any Component