Data Loss Prevention

  • 1.  DLP Agent 14.5 Not Monitoring HTTP Traffic

    Posted Jan 26, 2017 08:23 AM

    I have just recently found out that the configuration of the Agents to monitor HTTP and HTTPS is being ignored and only HTTPS is getting monitored.

    This behaves the same way in IE11 and Chrome.

    I have done a couple of tests on dlptest.com and none of the HTTP POST attempts have generated an incident. All HTTPS POST attempts have generated an incident.

    Agents are all version 14.5

    Any suggestions?



  • 2.  RE: DLP Agent 14.5 Not Monitoring HTTP Traffic

    Posted Jan 26, 2017 11:55 AM

    Not totally sure if you're facing the same issue I did. However, recently the sample file/buffer size for me was less than 3KB (by default - this could be different in your case), which is why the detection mechanism was ignoring the sample.

    Hence, I recreated the sample/test keyword file as a word document, instead of a notepad. Additionally copy-pasted the keyword on more than 2-3 pages in the word document with the same keyword, which helped.

     



  • 3.  RE: DLP Agent 14.5 Not Monitoring HTTP Traffic

    Posted Jan 27, 2017 03:02 AM

    Hi Leadvue

    Unfortunately, this is not the case. I have just expanded the files I use for testing to over 3KB and created a Word File to test also.

    None of this worked with HTTP, but HTTPS is still fine.



  • 4.  RE: DLP Agent 14.5 Not Monitoring HTTP Traffic

    Posted Jan 30, 2017 09:01 PM
    Have you got HTTP channel selected in the Agent Configuration? It is separate from the browser/HTTPS channels.


  • 5.  RE: DLP Agent 14.5 Not Monitoring HTTP Traffic

    Posted Feb 01, 2017 12:04 AM

    Tested this with IE 11 and works perfectly fine. You might want to check the configuration, channels and the policy.

     

     



  • 6.  RE: DLP Agent 14.5 Not Monitoring HTTP Traffic

    Trusted Advisor
    Posted Feb 01, 2017 02:49 AM

    Hello,

    Have a look at this article (especially if you have some IP filter in agent configuration):

    https://support.symantec.com/en_US/article.TECH236903.html

    Regards



  • 7.  RE: DLP Agent 14.5 Not Monitoring HTTP Traffic
    Best Answer

    Posted Mar 02, 2017 04:18 AM

    Hi guys

    It in fact was SEP12 preventing HTTP traffic from being scanned.

    The guys at the remote office did not add the DLP agent's directory to the exceptions.

    Thanks for all the help!

    Cheers