Data Loss Prevention

  • 1.  Print blocking on hostname or username

    Posted Dec 06, 2016 11:14 PM

    Hi

     

    Is it possible to print block hostname/username via the endpoint agent? I tried adding the username to the send match in the policy rule, but it seems not to be working. Any idea?

     

    Regards



  • 2.  RE: Print blocking on hostname or username

    Trusted Advisor
    Posted Dec 08, 2016 08:33 AM

    Hello

    I think the best way to do this is to have different "agent configurations" (which could be defined per user or hostname): one in which you monitor the printer channel and another one in which you don't. Then you could define a policy which blocks all printing actions... it will have an effect for users where printer monitoring is activated but not for the others. This way you will also have a light policy on the endpoint.

     regards



  • 3.  RE: Print blocking on hostname or username

    Posted Dec 10, 2016 09:27 AM

    It should work. Does it produce an incident and just not block, or is there no incident or blocking? If there is neither an incident nor a block, then it's likely that either your policy or agent configuration isn't properly configured to detect the event.

    Try making your policy simply detect any 'Printer/Fax' event, with no user specified. If this produces the incident/blocks, then add the user (you don't specify the domain name in the Sender Pattern lists, just the username) or target the user through User Groups / Directory Connections. Also try printing in a different program (Office is probably the best choice) to make sure it's not a compatibility issue.

    You can also pull logs via Agent Overview, then pull the log from the Endpoint Server and search for the timestamp when you did the printing - it should show the event even if an incident wasn't raised. If there is no event, then make sure the Printer/Fax channel is enabled in Agent Configuration and you don't have some file filters that are affecting the bypassing of the print action.

    Dean