Hi all,
Looking for some help with a problem I've got.
Trying to detect/block file transfers through Skype using DLP. We actually have another way to block Skype file transfers in the registry, but would like DLP to catch anyone who has disabled this.
Skype IS configured in Application Monitoring and our DCM keyword policy is applied against Application File Access.
If I try to transfer a file from the local C drive, the Endpoint Prevent monitor kicks in and successfully detects and blocks the file transfer. This is detected as an Endpoint File Application Access incident and brought up the standard "Blocked Activity" window (with the customisable options).
However if I try to transfer a file from a network share, no incident is raised at all. DLP appears to completely miss the activity.
Also please note - we had to change File Open to File Read in the Application Monitoring for Skype, in order to get the local drive incidents to trigger.
Thanks,
Nic