Data Loss Prevention

 View Only

  • 1.  Generating only one Endpoint:Notify response rule per transfer to USB.

    Posted Apr 12, 2018 03:25 PM

    We would like to configure a notification box that kindly notifies them to be mindful of what they are copying to external storage whenever a file is being sent to a USB device.  Obviously we don't want to block such actions, or else we would do this through GPO, but we just want to create more awareness.

    It's a simple policy to setup except one thing....since each file being sent to a USB drive is generating another "incident" as I"m testing this, the pop-up box comes up once for every file transferred.  Clearly that's a terrible user experience and we won't deploy that to the organization....but one notification for the first file would be great.

    Can anybody advise as to how to accomplish?



  • 2.  RE: Generating only one Endpoint:Notify response rule per transfer to USB.

    Posted May 09, 2018 07:38 AM

    Hi Christopher,

    DLP Policy should be such that it identifies confidential/senstive information and subsequently on your users endpoints whenever they are transferring files they will not get a popup every time rather they will only get a popup when they are transferring confidential information. In the intial stages, you would be notifying them, raising their awareness and you would be getting visibility of the confidential/sensitive files usage. Afterwards you could implement blocking rules if needed/required.

    The popups will not come up every time a file is transferred only when the confidential/sensitive information identified in the DLP Policy is transferred will the popup come up. Hope this helps.

    Kind regards



  • 3.  RE: Generating only one Endpoint:Notify response rule per transfer to USB.

    Posted May 09, 2018 07:38 AM

    Hi Christopher,

    DLP Policy should be such that it identifies confidential/senstive information and subsequently on your users endpoints whenever they are transferring files they will not get a popup every time rather they will only get a popup when they are transferring confidential information. In the intial stages, you would be notifying them, raising their awareness and you would be getting visibility of the confidential/sensitive files usage. Afterwards you could implement blocking rules if needed/required.

    The popups will not come up every time a file is transferred only when the confidential/sensitive information identified in the DLP Policy is transferred will the popup come up. Hope this helps.

    Kind regards



  • 4.  RE: Generating only one Endpoint:Notify response rule per transfer to USB.

    Trusted Advisor
    Posted May 09, 2018 03:04 PM

    Christopher..

     

    Keep in mind that the USER can check the box at the bottom of the pop-up to use the same response for all of the subsquent pop-ups from the same transmission.

     

    Also there may be a setting in the Agent Conifugration (Advanced) where you can set the number of pop-up in a specific amount of time. Try the following and see how it works..

    Make sure to apply the configuration to the Servers.

     

    UI.CONSECUTIVE_TRANSACTION_TIME.str

    10

    Maximum time, in seconds, between two file operations to be considered as a single transaction.

     

    UI.POPUP_QUEUE_LIMIT.int

    100

    The limit of pop-up notifications that a user sees in a single session. These pop-up notifications require a user justification for the validation. If the limit is exceeded, any pop-up notifications past the limit automatically contain a Not Applicable (N/A) justification.

    Good Luck

    Ronak

    PLEASE MARKED SOLVED WHEN POSSIBLE