Data Loss Prevention

  • 1.  Unable to generate incident

    Posted Mar 11, 2014 08:30 AM

    Hello,

    I have created a basic policy group and applied the endpoint server to it.

    Created a policy - basic PCI & keyword based, with a response rule - notify user.

    Exceptions are configured to monitor all channels, including SMTP, HTTP/S, WEB, REMOVABLE MEDIA, etc.

    The endpoint agent configuration used is the default one, and under that all channels are selected (enabled channels).

    I can see the agent in a healthy state and have applied and updated the agent config to the endpoint server.

    I still do not see any incidents created at the endpoint (traffic also shows no messages).

    I can see the processes are running on the endpoint and the endpoint is also up and running, but incidents would not get triggered.

    I have excluded files within SEP pertaining to DLP agent kvoop.exe and a few others.

    Any suggestions on what to check?



  • 2.  RE: Unable to generate incident
    Best Answer

    Trusted Advisor
    Posted Mar 11, 2014 12:54 PM

    Asutariya,

    What does the policy look like? Can you attach a screenshot of the policy? Why do you have exceptions to the rule?

    I think that you do not have the system configured properly.

    Hope this makes sense.

    If this solves your question, please mark it as solved.

    Ronak



  • 3.  RE: Unable to generate incident

    Posted Mar 11, 2014 12:59 PM

    Yes Ronak,

    Found out that exceptions were enabled instead of being deselected.

    Rgds,

    Ankit S.