Data Loss Prevention

 View Only

  • 1.  DLP Policy to flag Read Only Documents

    Posted Jan 22, 2015 01:26 PM

    I need to create an email monitoring policy in SYmantec 11.1 that will flag documents that are marked as "Read Only".  I thought that this will flag the Encrypted Data policy, but it is not.



  • 2.  RE: DLP Policy to flag Read Only Documents

    Posted Feb 03, 2015 07:27 AM

    Dear EMA,

     

    You can create the same policy with adding keyword as " Read Only" and test the same.



  • 3.  RE: DLP Policy to flag Read Only Documents

    Posted Feb 03, 2015 09:46 AM

    Thank you for your response.  So I created a test word doc and marked it as FInal/Read Only.  I then created a policy with the Content Matches Keyword "Read Only".  However, the policy did not flag the document I created.  something changes in the metadata of the document when it's marked as Read Only/Final, but I don't know how to create policies that will look in a document's metadata.  I assumed that the Keyword rule would trigger it but it is not.



  • 4.  RE: DLP Policy to flag Read Only Documents

    Trusted Advisor
    Posted Feb 04, 2015 07:13 AM

    hello

     by default document metadata are not included in DLP analyze. For network probes you need to activate a specific configuration flag in server configuration.

    I dont remember exact name of this parameter but if you go to server configuration UI page, it seems to me that parameter name contains "metadata" and are by default valued to false. Or may someone on this forum will be able to provide exact name of this configuration parameter.

     Regards