Hi everybody
In our environment, we use endpoint discovery with keyword matching policies. SMTP (Outlook) and HTTP (IE, Mozilla FF) traffic gets monitored. If sensitive data is found to leave the network, the users will receive a user cancel warning.
So far so good.
I recently ran - by accident - across the following possible issue:
On some clients, the HTTP traffic is either not getting checked or simply not generating a correlating warning message if sensitive data is POSTed. The OS and IE version (IE8, IE9, IE10) do not matter (tested on WXPSP3 x86 and W7SP1 x64).
How I came to this conclusion:
To partially test the functionality of the DLP agents on the clients, we use a test-policy with a particular keyword to search for. On the clients that do not generate these warning messages when detecting the keyword in HTTP traffic as they should, a correct warning message is displayed when trying to send out a mail including the test-keyword.
This means: The DLP agent is installed correctly on the machine and receives the test-policy. The HTTP traffic is not checked or no warning is displayed.
How I tested this:
To generate a warning message in IE, I used the pages requestmaker.com or hurl.it where I tested a POST action containing the test-keyword.
Is there any way to determine why the warning messages are not getting displayed on some clients? And if it can be determined, the next step would be to fix it ...
Any input is appreciated.