Nando,
So for the endpoint copy to "destination X" there is no Quarantine function; it's either allow or block the transfer of that file to the destination.
When it comes to email, MTAs have a process that allows the email to actually be quarantined to a specific location that is NOT on the host but is on the MTA (mail gateway). So doing this on an endpoint is NOT possible.
The only way this can be done is with a Bypass Key or Term. This is where you can provide a bypass phrase that is provided to the user by the Admin after an event has happened. So DLP systems do that, but they are hardcoded keys, so once you give it to the user, they have the bypass key to bypass all policies. This is a problem as you will need to change the bypass key once you give it out.
The right approach is to have an event created and, IF the user thinks it's a mistake, have them call the help desk and then have the Admin update the policy to allow their file to go through. This way the Policy is updated to not trigger on that file type again or to make sure the policy is accurate.
If the user is allowed to transfer that type of data, then either make the user or machine an exception to the rule, with managerial approval.
Again, the right process needs to be in place to manage the accuracy of the policy.
Good Luck,
Ronak
PLEASE MARK SOLVED WHEN POSSIBLE