Data Loss Prevention

 View Only

  • 1.  Keyword DCM condition issue (e-mail)

    Posted Oct 30, 2015 01:16 PM

    Hello,

    My DLP 14 (endpoint prevent license) can't differentiate the difference between the match on Body vs match on Subject for emails. I would like to create a compound that allows me to say to create an incident if the keyword X is found in Subject AND if the keyword Z is found in the body of the email.

    Currently the incident is generated no matter where both keywords are found; in body OR subject.

    Is this happening to someone else?

     

    Thanks.

     



  • 2.  RE: Keyword DCM condition issue (e-mail)

    Posted Nov 06, 2015 08:20 AM

    Hello Morgado,

    Can't you use this ?

    MatcAND.png



  • 3.  RE: Keyword DCM condition issue (e-mail)

    Posted Nov 07, 2015 04:04 PM

    Hello Thomas,

    I wish I could.. but it doesn’t work with the endpoint prevent. DLP can’t differentiate if the keyword is in body or email. Both keywords in body will generate an incident as well.

    Already submitted a case to Symantec.

     

     



  • 4.  RE: Keyword DCM condition issue (e-mail)
    Best Answer

    Posted Nov 16, 2015 04:20 AM

    I got the confirmation that DLP is not capable of differentiate it on endpoint channel, just network. Closing this topic.