Data Loss Prevention

 View Only

  • 1.  DLP Agent Configuration HTTPS

    Posted Apr 28, 2017 04:18 AM

    Hi everybody

    I recently got reported an issue where uploads to a website (by IP, not by URL) got blocked.
    Made no sense to me, as the destination IP is internal and actually listed in the Agent Configuration IP Filters to be ignored (in fact, the whole subnet).
    Also, it is configured in a Sender/Recipient pattern to be excluded. The pattern also is assigned to the policy that has been triggered the incidents.

    After some investigation, I saw that the upload is being performed using HTTPS and the Agent Configuration IP Filters only work for HTTP/FTP.

    This is puzzling me now for a while. Is there anything further I can check or do in this case?

    Cheerio



  • 2.  RE: DLP Agent Configuration HTTPS

    Posted Apr 28, 2017 05:57 AM

    Hello Cheerio

     

    can you give a try to create domain fitler execption using port number ?

    Example--> *,-172.19.5.7:443,*

     

    Regards,

    Ajeet Kumar

     

     



  • 3.  RE: DLP Agent Configuration HTTPS

    Posted Apr 28, 2017 07:31 AM

    Hi Ajeet

    No I did not - Would this make any sense at all?
    Just from a logical point of view, since the configuration explicitly states HTTP/FTP.

    Cheers



  • 4.  RE: DLP Agent Configuration HTTPS

    Posted May 08, 2017 02:20 AM

    No ideas on this? The suggested entry does not solve the issue.



  • 5.  RE: DLP Agent Configuration HTTPS

    Posted Jun 20, 2017 07:41 AM

    Hi flutti,

     

    Can you see on the incident if it was created from Web Prevent? Maybe your Policy is not assigned to Web Prevent Policy Group and this is the problem.

     

    I hope that this help you

    Regards!



  • 6.  RE: DLP Agent Configuration HTTPS

    Posted Jun 20, 2017 09:57 AM

    Hi Javier

    Just checked:

    It is not, there is only Endpoint Prevent.

    Regards