Data Loss Prevention

Hi,

how to block any application or restrict the user from accessing it and for the specific users ? , as in Application Monitoring we  can see only monitoring and not restricting it, please guide through. 

Appreciate any help on this

Thanks in advance.

Hello,

First of all, you can’t specify which Software/App to block, you will need to block all the Apps listed in the Application Monitoring.

In order to do it, create a detection based on "Protocol and Endpoint Monitoring", select Endpoint Applications: Application File Access. That’s all for detection.

Then in Groups tab, add a rule to select the users that will be restricted to use the Applications (e.g Sender/User Matches Pattern).

To finalize go to last tab of policy creation, Response. There add a Response Rule to Block.

Bear in mind that the  Application File Access must be ticked in the Agent Configuration\ Agent Monitoring in order to activate the Application Monitoring list to the Agents.

Regards,

Gonçalo

Thanks for your comments

one last question does DLP server work on linux plaform.

I mean if Customer wants to install DLP server on linux machine. it will work.

thanks in advance.

Thanks for your comments

one last question does DLP server work on linux plaform.

I mean if Customer wants to install DLP server on linux machine. it will work.

thanks in advance.

Hello,

Yes, you can do it.

Regards,

Morgado

Thanks Morgado.

can you pls help me with the reference material or best practises on how to install dlp on linux platform.

many thanks in advance

Check the doc below, it has more information about Server requirements after page 18.

https://support.symantec.com/en_US/article.DOC9256.html

Thanks Morgado...you are great.... :)