Data Loss Prevention

 View Only

  • 1.  Regualr Expression Rule Issue

    Posted Jan 13, 2017 11:45 AM

    I have a regular expression rule that is configured to look at body and attachment only.  However, web browsers are triggering incidents in the header even when envelope is not selected.  Anyone know if there is a bug in 14.5.0.24034 or is this the expected result and if it is the expected result how can I not have the header of web browser traffic scanned if not by unselecting envelope.  This is a policy that is on an endpoint agent.

    Let me now if there is anything else needed to provide an answer.

    Thansk!

    Joe



  • 2.  RE: Regualr Expression Rule Issue
    Best Answer

    Posted Jan 13, 2017 11:51 AM

    Ok, I think I just found my answer.  In the admin guide it says the following:

    Protocol, endpoint, and identity conditions match on the entire message, as does any condition evaluated by the DLP Agent.

    So I take this to mean that checking and unchecking components makes no difference on policies sent to the agents.  This was in the 14.0 guide, is it safe to say that applies to 14.5 a well?

    Joe



  • 3.  RE: Regualr Expression Rule Issue

    Broadcom Employee
    Posted Jan 13, 2017 02:41 PM

    That condition does also apply to 14.5 and 14.6 as well.