Data Loss Prevention

I have been trying to generate incidents through test emails i have been placing in the drop folder. The network Monitor displays that the messages went through the server, and the Boxmonitor channels is set to Copy Rule, and Packet Capture. I have edited the policies to ensure that it gets captured, but for some reason, no new incident are generated. 

I have set the policy to match a simple keyword, and dropped an email with the keyword in the body and header, and no new incident was created. I was told that it would work with any format (not necessarily .eml files), but i've already tried both. 

Please help. 

Thanks, 

Critine 

A few simple things to verify.  Is the policy assigned to a policy group that is also assigned to this server?  Secondly, the "Packet Capture, Copy Rule" setting is case sensitive for some reason.

Jeremy

Jeremy,

Thanks for your input. Yes to both questions, but it still isn't generating incidents.

Cristine

Hi Cristine,

Once the below settings are in place did you try restarting the all the Vontu services?

Make sure that you have exactly BoxMonitor.Channels = Packet Capture, Copy Rule

Hi Syed,

Thanks for your comments, i tried that as well, and restarted the server as well a couple of times. i worked on it with a Symantec support consultant, and we've found that the issue was that i was copying the .eml files from another source that wasn't the server where the network monitor/enforce server was. This caused the network monitor not to detect these as incidents.

Thanks for all your help!

Cristine