Data Loss Prevention

 View Only

  • 1.  Want to create response rule and want to test on single machine

    Posted Feb 14, 2014 06:12 AM

    Can anyone help me to create policy and responce rule so that in case of any user is out of network the monitoring should be done and removable copy should be blocked. I have created policy and responce rule but wanted to test on my machine based on machine only and not by sender based using creating user group.

     

    please suggest.



  • 2.  RE: Want to create response rule and want to test on single machine

    Posted Feb 18, 2014 02:27 PM

    What we have done is created another endpoint server (a VM) for specifically this purpose.  Then all you have to do is apply the policy to the test server and then move the machine(s) you want to test on to that server.

     

     



  • 3.  RE: Want to create response rule and want to test on single machine

    Trusted Advisor
    Posted Feb 18, 2014 05:35 PM

    Salim,

    Here is a little secret that I do. If you have ANOTHER DLP server that is not and Endpoint server you can have that server be an Endpoint Server too. There is a way that you can have a detection server be an endpoint server and a Discover server or any other server.

    THIS IS NOT SUPPORTED Longterm but helpful when testing.

    Under the System Settings of the server the FIRST line is BoxMonitor.Channels

    Just modify this setting by adding 'Endpoint" at the end of it. (separate it with a comma)

    Then restart the services and bang.. it will now function as 2 different types of detection servers.

    You will then need to point your endpoint agent to that server and then have policy group that applies to that server ONLY..

    Run your tests. and then undo the changes to the BoxMonitor.channels setting.

    The best server to do this with is a Discover server for it will not typically be running at that time.

     

    Hope this makes sense.

    If this solves your questions please marked as solved.

    Ronak