Data Loss Prevention

  • 1.  Problem with location agents "On/Off the corporate network" in the incidents

    Posted Aug 04, 2016 10:41 AM

    Hi everyone, 

    I need help with this problem:
    Incidents are generated with location agent "Off the corporate network" when the agent location is "On the corporate network". What could be the problem? Thank you all.
    


  • 2.  RE: Problem with location agents "On/Off the corporate network" in the incidents

    Posted Aug 04, 2016 11:25 AM

    Hello,

    I believe that could happen due to different scenarios:

    - the agent is not correctly connected to the endpoint server during the incidents (could happen due to some issue on EPS, lack of 'good connection', etc.)

    - the agent changed from external connection to corporate connection but the IP address in cache didn't update (fix: flush DNS of the agent/machine)

    - the agent does not have connection but the IP address in cache is still wrong (fix: flush DNS of the agent/machine)

    - the agent is using a VPN (in such a case it will depend on your configurations)



  • 3.  RE: Problem with location agents "On/Off the corporate network" in the incidents

    Posted Aug 04, 2016 11:27 AM

    Hello Morgado, thanks for your reply, but the agent resides on the corporate network, and for some incidents generated from the endpoint the location is "Off the corporate network".



  • 4.  RE: Problem with location agents "On/Off the corporate network" in the incidents

    Posted Aug 04, 2016 11:47 AM

    Can you confirm that none of the scenarios I described above happened? I am quite sure that if you repeat the incidents after some time they will be showing on the corporate network. Anyway, in my opinion, on and off the corporate network might not be a good 'detection' to create policies or reports since, as you can see, the results are not very accurate, just indicative.



  • 5.  RE: Problem with location agents "On/Off the corporate network" in the incidents

    Posted Aug 05, 2016 02:18 AM

    Thanks for your reply. Yes, none of the above scenarios happened. But the problem persists. Policy is applying "on the corporate network" and "off the corporate network". That's why this option is not related to the problem. Do you have any other ideas?