Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

DLP User Groups based policies do not work properly on EMail Prevent

Created: 17 Jun 2013 | 1 comment
ggolino's picture

Hello,

I need to create a policy that, on Email Prevent, triggers when a user belonging in a certain AD Group sends out an email containing PAN numbers.

I put the rule "Sender/User based on a Directory Server Group" in my policy, but the behaviour is unpredictable, sometimes it works, sometimes it does not.

I checked LDAP attributes, in both cases, the "email" field is set correctly.

Has anyone had the same problem?

Thanks,

Giovanni golino

Operating Systems:

Comments 1 CommentJump to latest comment

kishorilal1986's picture

Dear gg, Please review your policies as per your detection requirement.

  • Please check below setting in Groups tab in Policy and 
Match Counting: All recipients must match (Email Only)
At least recipients must match (Email Only)

Check for existence (don't count multiple matches)
Count all matches

Match On:
  • and check below
Match Conditions: On whole words only
Check for existence (don't count multiple matches)
Count all matches and only report incidents with at least matches
Match On:
  • Envelope
  • Subject
  • Body
  • Attachments
  Same Component Any Component