Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DLP Issue - Content - Unable to detect credit card information


just a noob question. I have tried to create a DLP rule content which supposed to detect if end users try send credit card information (in AU format) via email (Outlook, windows mail)

unfortunately, it does not do what it's suppose to do. any missing information I missed or should have included/excluded? pretty much followed all the information from knowledge base.

We have Sophos Central Admin 2013-2019


Thanks in advance

This thread was automatically locked due to age.
  • Hello Lena Abanes,

    it does not do what it's supposed to do
    hard to say why or what to change without any detail - the exact rule, an example of the content that should be blocked (I assume that's the desired result), and how the content is sent (attachment format and the method used to attach it to the message). 


  • Hi  

    Please refer to this document which will help you to create a policy in the Sophos Central.

    If you haven't followed it or go through it, please go through this. Even after doing all the steps, you are not able to block it, please let us know.


    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi, Thank you for this.

    I am still having an issue related to DLP.  

    Scenario 1:

    Creted Content Policy to detect Credit Card Info - WORKED


    Scenario 2:

    Added new DLP Content Policy to detect the word "TFN" - FAILED


    Scenario 3:

    Removed the  policy created on Scenario 2. 

    Policy on Scenario 1 works again


    After Scenario 2 was completed, both Policy fails to function. 

    After deleting 2nd DLP policy, 1st DLP policy went on effect again.


    Question: How can we proceed creating a policy for different content rule? For Example, 

    1. DLP Policy 1 - Credit Card Info Content

    2. DLP Policy 2 - Drivers License Content


    Reason: We want to make sure, user receives an error message specific to content of the file being blocked.

    Hope I provided a clear information. Thank you

  • Hello Lena Abanes,

    not sure if it is incorrect use of terms or a misconception: both Policy  - only one policy is in effect at a time. A policy can have several rules, the policy is "violated" if at least one rule matches (I use double quotes as the Action could be Allow and log and the transfer is perhaps not considered a real violation). In case several rules match the most restrictive wins (Block → Confirm → Allow).

    an error message specific to content
    AFAIK the desktop message (optionally) includes the matching rule's name, a specific custom message is not possible though.

    Can't say why the single word did not match, could you show what exactly you created?


  • Hey Christian,


    This seems to have resolved my concern. Thanks a lot!!