Data Loss Prevention

Hello,

I am using Symantec DLP v14.5.

I have license for Endpoint Prevent

I want to monitor emails which are sent through browser and outlook and other mail applications like Windows mail and Mac mail.

Can anyone guide me to build policy.

I have made a policy, it is monitoring mails sent through outlook but not monitoring mails sent through browser application.

You need to go here to register the query in the correct forum:

https://www.symantec.com/connect/security/forums/data-loss-prevention-vontu

Thanks!

Have you checked this thread?

https://www.symantec.com/connect/forums/dlp-block-e-mail-messages-endpoint-prevent

Thanks!

Hello Keval,

Just some tips to get you started...

If your policy is capable to detect incidents probably you are just missing to activate the correct channels in the Agent Configuration.

First go to System/Agents/ Agent Configuration and select the configuration you are using. Then confirm that you have selected all Web channels (Firefox, Chrome, etc.).

Secondly, for non-native supported DLP applications that might be used to send e-mail (e.g. mozilla thunderbird) you will need to add them manually in the Application Monitoring list. And then activate the Application File Access in the Agent config channels (as done in first step).

Don’t forget to add the AFA as detection as well.. and to allocate response rules to the detection.

Regards,

Morgado

Mail through browser will come under HTTP/HTTPS incident and rest of will come under mail client under agent config.

Policy can be created based on content and at some extent at channelwise but if content is common then all channel will trigger incident leads to many false postive.

https://www.symantec.com/connect/forums/dlp-block-e-mail-messages-endpoint-prevent