
DLP Email Attachment Not Being Blocked

A while back I attempted to see if Sophos has resolved DLP not blocking email attachments in Outlook 365 when they are dragged onto the email. I just tested this again and see it is still not working. Has anyone figured out a fix for this? Basically, if you attach a file to an email through a new message using the attach icon, it is prompted and blocked, but if the user drags and drops the attachment into the email, Sophos does not see it.

 



  • I made a case with Sophos on this-

     

    The recommendation is to-

     

    This is a known issue and it is because when a file is dragged into an email in Outlook 2013, it does not get dragged from the original location, it gets moved via a TEMP location and it is this TEMP location that triggers the file transfer action.

    The default TEMP location is:

    C:\Users\[USER]\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\<STRING>\

    By default, this folder is an excluded location so any files transferred from here will not be detected by Data control.

    Please see the article below in order to resolve this issue:

    -----------------------------------------
    Article ID: 122603
    Title: Outlook 2013 - Data Control does not detect the copying of files to an email
    URL: https://sophos.com/kb/122603
    -----------------------------------------

    The KB above is for Outlook 2013 but it applies to 2016; the path is different:

    Office 2013 - HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Security

    Office 2016 - HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security

     

     

     

    However, this does not work with Office 365. I made the appropriate changes to the registry, reopened Outlook and dragged an attachment over that would set off DLP; nothing happens. Upon further examination with procmon I was able to determine that Outlook will change the registry back to-

    C:\Users\[USER]\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\<STRING>\

    This happens when an item is dragged over to the new email; basically, Outlook does a registry check for the correct string prior to adding the attachment. What I want to know is, is it possible to give Sophos permission to scan the-

    C:\Users\[USER]\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\<STRING>\

     

    Any help on this would be great!

  • Anyone??? Bueller?  Bueller???????
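
A read-only check for the behaviour described in the post above, as an added example that is not part of the thread or of Sophos's guidance: it reads the Outlook Security key for each Office version quoted, reports whether the attachment temp folder sits under the default Content.Outlook location, and compares the value before and after a drag-and-drop. The value name `OutlookSecureTempFolder` and the function name are assumptions; the post does not name them.

```powershell
# Added example, not from the thread.
# Assumption: the value holding Outlook's attachment temp path is OutlookSecureTempFolder.
$ValueName   = 'OutlookSecureTempFolder'
$Versions    = @{ '15.0' = 'Office 2013'; '16.0' = 'Office 2016' }   # keys quoted in the post
# Default location the post describes as excluded from Data Control
$DefaultRoot = Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\INetCache\Content.Outlook'

function Get-OutlookTempFolderStatus {   # hypothetical helper name
    foreach ($ver in ($Versions.Keys | Sort-Object)) {
        $key  = "HKCU:\Software\Microsoft\Office\$ver\Outlook\Security"
        $path = $null
        if (Test-Path $key) {
            $path = (Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        }
        if ($path) {
            $path = [Environment]::ExpandEnvironmentVariables($path).TrimEnd('\')
        }
        if (-not $path) {
            $status = 'NotSet'
        } elseif ($path.StartsWith($DefaultRoot, [StringComparison]::OrdinalIgnoreCase)) {
            $status = 'DefaultExcludedLocation'
        } else {
            $status = 'CustomLocation'
        }
        [pscustomobject]@{ Office = $Versions[$ver]; Key = $key; TempFolder = $path; Status = $status }
    }
}

# Snapshot the value, drag a test file onto a new message, then snapshot again
$before = @(Get-OutlookTempFolderStatus)
Read-Host 'Drag a test file onto a new Outlook message, then press Enter' | Out-Null
$after  = @(Get-OutlookTempFolderStatus)

for ($i = 0; $i -lt $before.Count; $i++) {
    [pscustomobject]@{
        Office   = $before[$i].Office
        Before   = $before[$i].TempFolder
        After    = $after[$i].TempFolder
        Reverted = ($before[$i].Status -eq 'CustomLocation' -and
                    $after[$i].Status  -eq 'DefaultExcludedLocation')
    }
}
```

A row with `Reverted` set to `True` matches what the poster saw in procmon: Outlook restored the default path during the drag, so the attachment again passed through the excluded folder.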
