3CX DLL-Sideloading attack: What you need to know
thanks for helping:
I am currently testing the DLP features of Sophos Endpoint but can't get any rule to work. I have even established a file based rule which I would expect to trigger in any case:
Allow transfer if user confirms
File type matches: spreadsheet
Destination is: [everything; email client, storage, voip, etc.etc]
Action: Allow transfer if user confirms
I have tried copying around a spreadsheet (xlsx) with sample data (to a removalble drive, USB, E-Mail-Message, Signal Messenger) and there's no reaction, pop-up, message or whatever.
I have checked the user: policy applied and enforced
I have updated the Sophos Endpoint Client and checked with the self-help tool: Updates/Policies applied
What am I missing here? Do DLP policies need some time until they are triggered or become fully active? Does implementing a policy need a reboot to activate the policy? I'm really frustrated.