Data Loss Prevention

Hi All,

My DLP endpoint agent is detecting multiple header count for Printer/Fax as per my screenshot, please advicse?

What version of the Endpoint agent are you using? - there might be a hotfix for the agent version you ae using.

Also what application is seeing this?

It could be how the application is spooling the pinter job.

Is this happening on all prints?

Good Luck,

PLEASE MARKED SOLVED WHEN POSSIBLE

Ronak

We're using DLP Endpoint Agent 14.6, yes all printers.

Anybody with similar issue, this happened especially on Microsoft Word.

We see this on some printer/fax incidents.  We are on v15.0 using 14.6 agents.  We have very few policies actually monitoring print so we haven't put any effort into troubleshooting.

We set threshold for print policies, where it will only trigger incident on certain treshold, but due to this issue, its causing multiple false positive.

Hi DLP team, how many roles do you have on this policy ?

DLP team, the solution is to create the policy based on protocol exceptions. This will eliminate a match for the protocol completely.

So in the policy create the detection rule for detecting whatever content you are interested in protecting.

Then create an exception rule for protocols and select all the protocols EXCEPT print/fax.  This will result in policy being applied only when printing.

Hi Solution Provided by DLP Freak is best at the moment. We also faced similar issue with version 14.6 and 15.1 but was informed by Symantec that this is a known issue and there is a etrack number (I cannot recall it) pendig for resulation. 

For threshholed you can use response rules based on Monitoring Protolol and select Printer\Fax.

Regards