Data Loss Prevention

 View Only

  • 1.  Incident attachment issue

    Posted Dec 02, 2016 08:37 AM
    From time to time I receive complains from the First Responders team stating that incidents do not have all attachments visible or possible to download. We double checked the policies and all have a response rule doing the full retention of the incidents. Are we missing something? Thanks for your support.


  • 2.  RE: Incident attachment issue
    Best Answer

    Posted Dec 02, 2016 11:59 AM

    Hello,

    Don’t know if you are aware of it but some types of protocols do not support retention of the attachments, even if you have in place a response rule to retain all attachments. That’s because the incident is generated based on the text itself rather than by examining the file (e.g. print protocol).

    Check the full list below.

    Types of Endpoint incident that support data retention:

    1) Removable storage - Yes

    2) CD/DVD - Yes

    3) Local Drive - Yes

    4) Print /fax - No

    5) Clipboard - No

    6) AIM- Yes

    7) MSN - No

    8) Yahoo Messegner - Yes

    9) Outlook - Yes

    10) Lotus Notes - Yes

    11) Application File Access - No

    12) IE (https) - Yes

    13) Firefox (https) - Yes

    14) Http - Yes

    15) FTP - Yes

    16) Copy to local Drive - Yes

    17 Copy to share - Yes



  • 3.  RE: Incident attachment issue

    Posted Dec 03, 2016 03:06 AM
    Thank you . You helped me more than the Support!! Still waiting for their call.....