Data Loss Prevention

I am new to DLP, but I have configured endpoint prevent to notify a user via a popup window when they violate company policy by transfering confidential data.

Some higher ups are getting annoyed by the interruption. Is there a way configure endpoint prevent to turn off the pop-up message but still generate an event in DLP? 

Any help that can be provided will be appreciated.

Thanks!

You can create an event without a pop up fi you remove the responce rule. If you stil want to have the pop up for some users but not for others then you would need to create two policies with an exception user group. In the first policy with the pop up you would have the polcy but have a VIP user group that is excluded. The second polocy would be the same from a detection standpoint but would only apply to the VIP users. The second policy would not have the pop up responce rule attached to it. That makes them different policies but for reporting purposes you cna put them into the same policy group that will allow you to report on the policys by policy group ina single line.

As a follow on you may want to ask why they are getting frustrated. Is is becuase the higher ups are the ones violating the policy and thus need to be notified? The pop ups are designed to change user behavior and as such if they are complaining becuase you are forcing them to change undesirable behavior then the issue isnt necessarily techincal but more politics as long as their is a proper way for them to conduct business and not violate the policy. A good example of that is they get the pop up when they send unencrypted email but encrypted with PGP is fine. In this case the pop up is encouraging them to do the right thing so it should be left in place.

Sp_Harris..

If you are talking about the "Scanning" pop-up that shows when you copy files to a USB. Then you need to modify an Advanced Endpoint Server setting.

1. Go to System > Agent >Agent Configuration
2. Select the Endpoint Configuration you are using
3. Then go to the Advanced Agent Settings Tab
4. Make the following change: UI.NO_SCAN.int = 1

This will then reomove the "Scanning" bar.

If you are trying to remove the POP-UP for a response rule.

1. Then you should create a User Group based off of an AD group and make that group part of the Exception for the policy. Unfortunately you will need to add this exception to EACH policy.

If you are trying to have the POP-UP for everyone EXCEPT the VIP's but still record a violation. Then you will need to do a bit more. Pretty much 2 policies.

1. Make sure that the policy you currently have has an exception based on the User Group as mentioned above.
2. You will then need to create another Policy that has the same policy but with an AND statement looking for the AD group.
3. Just make sure you have no response rule associated to that Policy.
4. This is pretty much having 2 policies. One for everyone elase that has a pop-up and the other for the VIP's that does not.

Hope this makes sense.

If this solves your questions please marked as solved.

Ronak

Thanks John_Gruhn and DLP Solutions! I really appreciate the help and suggestions!

Response to John_Gruhn:

You are absolutely correct. My initial response was to push back, which is what I did (in the nicest way possible, lol!). But just in case my logic fell on deaf ears and I didn't receive the backing from my management, then I wanted to be able to turn it off as quickly as possible and have the neccessary coverage in place.

Response to DLP Solutions: 

Thanks for the directions. The user was printing up confidential documents. I am not sure as to why, but "The Powers That Be" are aware and working on things from their end. I'll test out your 2 policy suggestion for my own edification.

Thanks again to both of you!