Data Loss Prevention

I've applied User Cancel response rule. After the eplased timeout seconds, it shows the BLOCK action. And with the same options for User Justification it also provides a checkbox, that says "Apply this justification to subsequent dialogs".
Can the checkbox “Apply this justification to subsequent dialogs resulting from this action”, be removed? Leaving this checkbox ticked is a “lazy” option and allows the user to re-use the same option every time without much consideration.

Hello,

Is not possible to remove only the line “Apply this justification to ..." from the response rule.

If you want to remove it you will need also to remove :

 and:

There is already an enhacement request opened  for this matter.

Regards,

Morgado

While we cant remove the checkbox, it should be noted that the checkbox is really only for single transactions for a limited time. For example if a user tries to email the same file multilpe times in a short period the checkbox would apply. If they then try to go to another channel, say copy to USB instead, then the pop up would come back and the pop up would not apply.

The checkbox only applies to files involved in the same operation AND same policy and does not apply to subsequent actions (unless occur while the popup is still active as per idle timeout setting), even if they are the same file. 

e.g. You copy an entire folder of files that violate the same policy in one copy/paste action to USB, the notification is triggered and leaving the box checked (default) stops it popping up for every single file that violates the policy and applies the same response to all violations...

Removing this option for users would mean you'll get a lot of annoyed people having to provide justifications to a lot of popups, i'd recommend leaving it as is.

Thats helpful. However, it would have been great to have it removed during the assessment phase we are in now and we want users to select the appropriate option which will help refine the policies. Otherwise to avoid pop-ups user will keep that checkbox selected.

On other note, for User-Cancel, can we remove the Timeout and just keep Allow or Cancel?

While you can't remove the timeout, you can increase the countdown time which has a similar effect. In the Agent Configuration, increase the following settings under the Advanced Settings tab

For file system events increase PostProcessor.FILE_SYSTEM_USER_RESPONSE_TIMEOUT.int

For HTTP and FTP events increase PostProcessor.NETWORK_USER_RESPONSE_TIMEOUT.int

For all other event types increase PostProcessor.OTHER_USER_RESPONSE_TIMEOUT

Each of these is the time in seconds, default 60, before the user cancel switches to the block end state. The largest I have seen this in production is 120 seconds however there is no techincal limit. There is a practical limit however since at some point the user not acting becomes a choice in and of itself. If they are unable to decide in a reasonable amount of time its probably safe to err on the side of caution.

I'm not sure that it's helpful enough to outweigh the impact to end users.

If they're copying 50 files in one action (selecting them all or a folder and copy/pasting) all that violate the same policy, the justification is likely going to be identical for all files. Even if it's not identical, the user is going to either complain loudly to a service desk and/or copy/paste the justification to ever single popup anyway.

You may be confusing the bolded requirements for this checkbox to take affect... it is not suppressing subsequent actions, even if they do the exact same action again after closing the popup.