Symantec DLP Network Prevent for Mail, Quarantine and Block response rules.
Need assistance, don't understand how it's working.
We implemented the financial pack, and there are 2 response rules for mail (Quarantine and Block). We have forward mode for Network Prevent, so we have a local mail server that sends mail forward to Network Prevent, and the next hop is our MTA that sends outbound mail.
We imagine that with "Quarantine SMTP Email", if an incident triggers, the email stops processing further and sits on the previous-hop MTA or on Network Prevent, but we have an incident registered and the message delivered to the recipient with confidential data.
With the Block response rule, all is going fine. If an incident is created, the email doesn't go further, but now we are unable to send this mail to the recipient if this was a false positive.
So, how do we work with Network Prevent for mail in situations when we would like to stop a message from processing if there is a policy-violating trigger, and would like to use a smart response rule and mark the incident as a false positive and send the mail further to the next-hop MTA?