Data Loss Prevention

 View Only

  • 1.  Issue

    Posted Sep 09, 2016 06:12 AM

    We put together a response rule to retain all incident attachments, though in some incidents the attachments are not available to download in console. ONly the name of attachment is visible. Where can we extract them? thanks in advance.



  • 2.  RE: Issue
    Best Answer

    Trusted Advisor
    Posted Sep 09, 2016 07:12 AM

    hello,

     As far as i know it is not possible for some endpoint channels (like "printer").

    what is your incident type (network  / endpoint / discover / mobile / cloud) ?

     Regards.



  • 3.  RE: Issue
    Best Answer

    Posted Sep 09, 2016 08:36 AM

    Hello,

     

    As Stephane said, some types of incidents can't retain the attachments. Check this list below.

     

    Types of Endpoint incident that support data retention:

    1) Removable storage - Yes

    2) CD/DVD - Yes

    3) Local Drive - Yes

    4) Print /fax - No

    5) Clipboard - No

    6) AIM- Yes

    7) MSN - No

    8) Yahoo Messenger - Yes

    9) Outlook - Yes

    10) Lotus Notes - Yes

    11) Application File Access - No

    12) IE (https) - Yes

    13) Firefox (https) - Yes

    14) Http - Yes

    15) FTP - Yes

    16) Copy to local Drive - Yes

    17) Copy to share - Yes

     

    Regards,

    Morgado



  • 4.  RE: Issue

    Posted Sep 09, 2016 09:35 AM

    thank you both. I undertsand that might be the reason.