Endpoint Protection

 View Only

  • 1.  Best solution to prevent copying of files between systems

    Posted Sep 14, 2016 08:09 AM

    Hello,


    What is the best solution to prevent copying of files between systems?

    Would it be a component of SEP or would it be DLP or something else?

    The objective is to CONTROL "file-copying" such that we whitelist file-copying access between approved list of systems, and block the rest.

    We would also want such attempts to be "alerted/logged".

    Any inputs are highly appreciated!

     

    Many Thanks,

    Jimmy

    =-=-=

     



  • 2.  RE: Best solution to prevent copying of files between systems

    Posted Sep 14, 2016 08:21 AM

    Hi,

     

    SEP is configured with the option "Scan when a file is accessed or modified", but we do not see any logs on the SEPM.

    How do we ascertain which logging options need to be chosen in order for it to be logged?

     

    Thanks,

    Jimmy

    =-=-=



  • 3.  RE: Best solution to prevent copying of files between systems

    Posted Sep 14, 2016 08:23 AM

    DLP is what you want. You can use the Application and Device control feature as well but that will take quite a bit of configuring.

    The option you mention above will only be logged if a virus is found. The only way to actually see what is being scanned is to enable VPDebug logging.



  • 4.  RE: Best solution to prevent copying of files between systems

    Posted Sep 14, 2016 10:03 AM

    Thanks Brian!

     

    Is it something that can be "logged" or "alerted" to admins by DLP when a copying-event occurs?

    If YES, how would the behaviour be, when the file-copying takes place between 2 systems, one with DLP agent installed, and other, where, DLP is not installed?


    Secondly, the option on SEPM "Scan when a file is accessed or modified" states the following.

    • Scan when a file is accessed or modified

      Scans the files when they are written, opened, moved, copied, or run

       

    How to get the SEP Client send "log" to SEPM, when the file is copied? We do not see anything any logs on SEPM.

     

    Thanks,

    Jimmy

    =-=-=



  • 5.  RE: Best solution to prevent copying of files between systems

    Posted Sep 14, 2016 10:07 AM

    For DLP questions, you would need to post in that forum.

    The files themselves will be scanned when one of the actions is performed. There is nothing written to a SEP client log though. Enabling VPDebugging would show which files are scanned but there isn't an option to have it written to a log that can be uploaded to the SEPM.

    You're talking about file integrity monitoring (FIM) which isn't a component of SEP.



  • 6.  RE: Best solution to prevent copying of files between systems

    Posted Sep 14, 2016 11:00 AM

    Thanks Brian for the pointers!

    One last question since you have highlighted FIM.

    Would DCS log file-copying? If YES would that be true for both Windows & Linux?

     

    -Jimmy

    =-=-=

     



  • 7.  RE: Best solution to prevent copying of files between systems
    Best Answer

    Posted Sep 14, 2016 11:14 AM

    Yes, DCS should. It has both Windows and Linux agents.



  • 8.  RE: Best solution to prevent copying of files between systems

    Posted Sep 14, 2016 01:15 PM

    Great!

    Thanks for your help Brian!


    -Jimmy

    =-=-=