Video Screencast Help
New Company Name and Logo Announced. Learn More.

DLP should track false positives

Created: 13 Jun 2011 | 1 comment
xlloyd's picture
5 Agree
0 Disagree
+5 5 Votes
Login to vote

DLP Endpoint Server should keep a list of files (possibly file hashes like SEP12) that have been marked as false positives and automatically mark them as false positives again if discovered multiple times with Endpoint Discover. This way, the same file won't fire of an alert when it's already been recognised as a false positive the next time a scan is done.

It would make sense to make the server mark them after they've been reported rather than the agent simply skip them because otherwise, the agent would have to keep a list locally of each file that has been scanned and marked as a false positive which could make the agent inflated.

Comments 1 CommentJump to latest comment

simiantech's picture

Has this been formalized as a feature modification request?

Login to vote