Data Loss Prevention

  • 1.  Data Identifier.

    Posted Sep 18, 2017 12:54 PM

    Hi

     

    I need to block all the files moving from an endpoint to a USB. I created this DATA IDENTIFIER to find any number and any "A-a" letters; however, it is not being blocked.

    \w[A]
    \w[a]
    \d[1234567890]

    Can anyone help me? Thanks a lot.



  • 2.  RE: Data Identifier.
    Best Answer

    Trusted Advisor
    Posted Sep 18, 2017 05:33 PM

    Rigoberto,

    I would do this a different way.

    Set the policy to look for a file size of 1 byte and then block it AND protocol of USB or CD. Then it won't matter what is in it.

    Lot easier to deal with.

     

    Good Luck,

    Ronak

    PLEASE MARK SOLVED WHEN POSSIBLE



  • 3.  RE: Data Identifier.

    Posted Sep 25, 2017 01:38 PM

    Hi 

    Also the solution to set the policy to block a file with 1 byte is not working.

     



  • 4.  RE: Data Identifier.

    Trusted Advisor
    Posted Sep 26, 2017 12:43 PM

    Is anything being blocked? Do you have the right Endpoint Configuration to inspect USB, CD, etc., and has the configuration been deployed?

     

    Good Luck,

    Ronak

    Please mark solved.



  • 5.  RE: Data Identifier.

    Posted Sep 26, 2017 01:05 PM

    Hi 

    It is not blocking anything; the only way that works is when I use the SSN DI. Any other way doesn't work.

    The policy is deployed without problem, so I do not believe that's the issue.

     

    Thanks



  • 6.  RE: Data Identifier.

    Trusted Advisor
    Posted Sep 27, 2017 07:54 AM

    Hi

    Check that your DLP agent configuration has USB monitoring active and that you don't have a filter that excludes very small files from monitoring.

    When a "simple" policy such as the one described by Ronak does not work, it is usually due to the agent configuration and the various filters that prevent the DLP agent from monitoring a channel or file.

    If you have a policy with the SSN DI that works fine for USB copy on your workstation, try adding a new rule to this policy and check whether the rule is triggered by your copy.

    Regards