Data Loss Prevention

 View Only

  • 1.  how to turnoff the quarantine

    Posted Jul 25, 2016 08:11 AM

    Hello all, we have a agent set to block certain files with a pop up box saying that it has blocked X file and has quaratined the file in the users\*user*\appdata\local\temp\RecoveredFiles folder. Since the files are not being deleted from the source is there a reason why the agent is making a second set of files under the users folder? And is there a way to turn this quarantine off?



  • 2.  RE: how to turnoff the quarantine

    Trusted Advisor
    Posted Jul 25, 2016 08:45 AM

    hello,

     You may have a response rule in your DLP policy which triggered this quarantine when detection and groups rules matchs.

    if you want to remove quarantine , so just remove it from your policy.

     Regards.



  • 3.  RE: how to turnoff the quarantine

    Posted Jul 25, 2016 09:10 AM

    Hello Abhibroad,

     

    This is happening because the user is violating a policy with a document that is not stored/saved in the machine (e.g. a document that has been just created; document that is saved only in the USB stick, etc.). This a default behaviour of DLP to ensure that the end-user does not lose the file. The document will be in quarantine for 48hours.

     

    Regards,

    Morgado



  • 4.  RE: how to turnoff the quarantine

    Posted Jul 26, 2016 04:51 AM
      |   view attached

    Hi,

    Thank you so much for the replies.

    Is there any way that it does not save the document.

    I want it to be straight forward Block.



  • 5.  RE: how to turnoff the quarantine
    Best Answer

    Posted Jul 26, 2016 05:33 AM

    Hello,

     

    As I said in my first answer, the DLP acts like that by design. You can't turn if off (it's like a safe mode to be sure that no information is lost).

    But dont worry, even saving a copy of the document in the machine, the user will be blocked and wont be able to perform actions (e.g. copy to external storage, etc.)