Data Loss Prevention

 View Only

  • 1.  Gmail attachment Incident doesn't show the recipient.

    Posted Aug 27, 2014 05:17 PM
      |   view attached

    Using Symantec DLP Prevent 12.5 (Enforce and Detect Servers)
    We are using GMail as the corporate email.


    We created a policy to detect Productivity documents. The rule is set to check "Message Attachment or File Type Match".
    When an incident is created, it does show that the URL is https://mail.google.com/mail/u/0/, but doesn't show the recipient of the email.

    We want to know the recipient to validate if the email was sent internally or to an external entity.

    It looks like the policy only look in the attachment of the message, not the envelope, so it doesn't show the recipient. The option to include the envelope is dimmed for this policy.

     

    What am I doing wrong here?

     



  • 2.  RE: Gmail attachment Incident doesn't show the recipient.

    Posted Sep 08, 2014 09:00 AM

    Recipient will be seen in endpoint incidents if you are using outlook or lotus notes to send email.

    Recipient will also be seen if you are monitoring outbound smtp gateway using network monitor or network prevent.

     

    However if you are minitorng OWA or some webbased email client using endpoint or web prevent you will not see the recipient.



  • 3.  RE: Gmail attachment Incident doesn't show the recipient.

    Posted Sep 08, 2014 04:39 PM

    Thanks Tariq for the response.

    We are using Network Monitor/Prevent with no end points. Gmail is our enterprise email system.

    Would that be a feature to be requested or would there be another way to achieve that?

    I don't believe that we are the only customer using GMail Enterprise email system.