Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DLP Issue - Content - Unable to detect credit card information

Hi,

just a noob question. I have tried to create a DLP rule content which supposed to detect if end users try send credit card information (in AU format) via email (Outlook, windows mail)

unfortunately, it does not do what it's suppose to do. any missing information I missed or should have included/excluded? pretty much followed all the information from knowledge base.

We have Sophos Central Admin 2013-2019

 

Thanks in advance



This thread was automatically locked due to age.
Parents
  • Hi  

    Please refer to this document which will help you to create a policy in the Sophos Central.

    If you haven't followed it or go through it, please go through this. Even after doing all the steps, you are not able to block it, please let us know.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi, Thank you for this.

    I am still having an issue related to DLP.  

    Scenario 1:

    Creted Content Policy to detect Credit Card Info - WORKED

     

    Scenario 2:

    Added new DLP Content Policy to detect the word "TFN" - FAILED

     

    Scenario 3:

    Removed the  policy created on Scenario 2. 

    Policy on Scenario 1 works again

     

    After Scenario 2 was completed, both Policy fails to function. 

    After deleting 2nd DLP policy, 1st DLP policy went on effect again.

     

    Question: How can we proceed creating a policy for different content rule? For Example, 

    1. DLP Policy 1 - Credit Card Info Content

    2. DLP Policy 2 - Drivers License Content

     

    Reason: We want to make sure, user receives an error message specific to content of the file being blocked.

    Hope I provided a clear information. Thank you

  • Hello Lena Abanes,

    not sure if it is incorrect use of terms or a misconception: both Policy  - only one policy is in effect at a time. A policy can have several rules, the policy is "violated" if at least one rule matches (I use double quotes as the Action could be Allow and log and the transfer is perhaps not considered a real violation). In case several rules match the most restrictive wins (Block → Confirm → Allow).

    an error message specific to content
    AFAIK the desktop message (optionally) includes the matching rule's name, a specific custom message is not possible though.

    Can't say why the single word did not match, could you show what exactly you created?

    Christian

Reply
  • Hello Lena Abanes,

    not sure if it is incorrect use of terms or a misconception: both Policy  - only one policy is in effect at a time. A policy can have several rules, the policy is "violated" if at least one rule matches (I use double quotes as the Action could be Allow and log and the transfer is perhaps not considered a real violation). In case several rules match the most restrictive wins (Block → Confirm → Allow).

    an error message specific to content
    AFAIK the desktop message (optionally) includes the matching rule's name, a specific custom message is not possible though.

    Can't say why the single word did not match, could you show what exactly you created?

    Christian

Children