Data Loss Prevention

Hi All,

kindly advise on this. To test sender/recipient pattern with no access in internet?

sample scenario:

1. users with agent install has no access in internet

2. i create policy, which is to notify user

3. in rules: > group>endpoint protocol is network share.

4. sender/recipient pattern 

how do i test this?

Hello,

I believe you are talking about the outlook e-mail sender\recipient. Outlook detection happens before the e-mail is sent, so there should not be any issue or requirement for the internet connection for testing.

It also work if you configure outlook with a dummy account.

Thanks,

Are you using DGM for this policy? 

hi,

Thanks for all reply. if no using outlook or any smtp. 

what should be possible to test this?

thank you,

What is value for sender/recipient? Is it a domain username?

If yes, you may test with the below:

a) login to a monitored system as one of these users

b) try copying something (that matches a policy) to a network share.

Hi Denis,

it is not join to domain. thanks denis

Should not be a problem. As long as your policy has the username, it should apply. Ensure the following:

a) Endpoint agent is installed and registered with your endpoint server

b) You login to the specific endpoint using the username being monitored

c) Your policy has monitor rules for:

- Sender/Recipient = username

              AND

- Endpoint Protocol = Copy to Network Share

d) Your Policy is mapped to a Policy group containing your endpoint server.

This shall enable you test the required. Hope this helps?

Mbuenaobra,

Endpoint agent does not need internet to function. It may only require in case or WAN link for agent endpoint server communication. 

About the "sender/recipient" exception with the network share , it is still a known issue and may not function as expected, with or without internet connection.

Thanks,