Video Screencast Help

Violations of policies on attached files, are sometimes detected and sometimes not

Created: 01 May 2013 | 4 comments
Someone knows why the Monitor does not detect all mails with attached files that violate any policy?
I mean, I have a policy, with keywords, which determine a protected document. If, sending some Excel file for example with this keyword,  sometimes is detect it, but sometimes doesnt (Network Monitor).
This same file is always detected by the endpoint and discover.
Any idea?
Operating Systems:

Comments 4 CommentsJump to latest comment

kishorilal1986's picture

Check your network monitor policies as there may be variation in detection polivies like parameter no of matches ,please find the attach image for understanding purpose

APineda's picture
Hi Sharma
What I mean is that the same policy, records an incident for a file with the keyword I'm watching when it is mailed. But the same file, with the same keyword, in another "email" is not registered as an incident.
This happens in the Network Monitor.
In Discover, the file is always detected for each scanner running.
The same in the Endpoint, if I copy it to a usb 10 times in one pc, the 10 times I detected as incident
Attach the image of policy.
AMyers6671's picture

2 questions; is the email path the same every time (ie: are you spanning everything) and 2) is there TLS encryption happening for some emails?


If this post has helped you, please vote up or mark as solution to help others looking for the same data.

APineda's picture
Yes, i am spanning everything. And i not have de TLS conection.
Let me put a scenario.
I sent him to my co-worker, an email with an Excel file with the list of phone numbers of all the company.
And He send it  to someone else in the company (here I detect an incident, because is forbiden share this file).
This other person, in turn, resend the file to a fourth person. This e-mail with the attached file is no longer detected.
The file is not encrypted.