Data Loss Prevention

 View Only

  • 1.  Violations of policies on attached files, are sometimes detected and sometimes not

    Posted May 01, 2013 10:28 AM

     

    Hello,
     
    Someone knows why the Monitor does not detect all mails with attached files that violate any policy?
     
    I mean, I have a policy, with keywords, which determine a protected document. If, sending some Excel file for example with this keyword,  sometimes is detect it, but sometimes doesnt (Network Monitor).
     
    This same file is always detected by the endpoint and discover.
     
    Any idea?
     
    Greetings.


  • 2.  RE: Violations of policies on attached files, are sometimes detected and sometimes not

    Posted May 02, 2013 05:39 AM
      |   view attached

    Check your network monitor policies as there may be variation in detection polivies like parameter no of matches ,please find the attach image for understanding purpose



  • 3.  RE: Violations of policies on attached files, are sometimes detected and sometimes not

    Posted May 02, 2013 12:22 PM
      |   view attached

     

    Hi Sharma
     
    What I mean is that the same policy, records an incident for a file with the keyword I'm watching when it is mailed. But the same file, with the same keyword, in another "email" is not registered as an incident.
    This happens in the Network Monitor.
     
    In Discover, the file is always detected for each scanner running.
    The same in the Endpoint, if I copy it to a usb 10 times in one pc, the 10 times I detected as incident
     
    Attach the image of policy.
     
     

    Note : Recently uploaded media files are still processing:

    • policie_example.jpg



  • 4.  RE: Violations of policies on attached files, are sometimes detected and sometimes not

    Posted May 02, 2013 12:36 PM

    2 questions; is the email path the same every time (ie: are you spanning everything) and 2) is there TLS encryption happening for some emails?

    Aaron



  • 5.  RE: Violations of policies on attached files, are sometimes detected and sometimes not

    Posted May 02, 2013 01:57 PM

     

    Hi,
     
    Yes, i am spanning everything. And i not have de TLS conection.
     
    Let me put a scenario.
    I sent him to my co-worker, an email with an Excel file with the list of phone numbers of all the company.
    And He send it  to someone else in the company (here I detect an incident, because is forbiden share this file).
    This other person, in turn, resend the file to a fourth person. This e-mail with the attached file is no longer detected.
     
    The file is not encrypted.
     
    Greetings