Easy Answer Probably
Created: 25 Jan 2013 | Updated: 25 Jan 2013 | 6 comments
What is the best way to allow emails that are marked as false positives to be sent to the intended recipient?
Thanks!
Comments
Can you explain the use case for false positive of email?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Thanks Pete,
We are protecting against PCI and PII. If the blocked message does not fall into either of those categories, it is marked as false positive. With how vital it is to ensure that sensitive info is secure we are not adding any exceptions for them based on body content, attachments or sender. We want to have as much control as we possibly can.
Make sense?
Are you using SMTP Prevent to do this? If so, have you considered using a "Modify SMTP Message" response rule to trigger a downstream quarantine?
A false positive email can be released from the downstream device's quarantine.
You can integrate DLP with Symantec Message Gateway (SMG) to implement an email workflow.
SMG can forward the email to DLP for detection; after detecting whether the email is confidential, DLP will 'tell' SMG to hold this email for the admin's review.
I think we may also do this by applying an Exception to the existing policy. The exception should be a rule of "Match Regular Expression" and then paste the contents of the email (if text) and try testing it.
enebdu,
We create temporary exceptions and let the e-mails through. If we find that we are having a decent number of the same type of e-mail we will craft a more permanent exception. We also have a list of special codes that our service desk has that someone can put in their e-mail to let it through. These are only used in "emergencies" and each of these incidents is thoroughly investigated.