
Data Control and Outlook 2007

I have a case open with Tech Support on this issue, but unfortunately, my confidence is low on a resolution.  They are unable to replicate my issue.  I have exported all of my Data Control rules, files involved, etc.  They just don't see the problem.

The problem is this:  I have a sample file with all of the triggers known to mankind for triggering Data Control.  And it works perfectly whenever I copy the file to an external storage device such as a USB Drive or SD Card.  Works great.

But, I can open up an email and send this same file as an attachment without any detection whatsoever.  I've replicated this on two different machines in my environment.  One XP.  One Windows 7.  Using Outlook 2007.  Using Outlook Express.  Running Outlook in Safe Mode.  Copied from a local disk or network share.

The program is essentially useless if you can email confidential documents undetected like some kind of virtual Maginot Line.  I'd love some suggestions or feedback that might point me to a solution, since I'm probably going to have to figure this out myself.

:17511


This thread was automatically locked due to age.
  • I see that the attempted explanation is still confusing.
    The inbuilt exclusions (certain system and user folders) exist to avoid application hangs. They are always in effect and the setting for remote files has nothing to do with it. This is not a problem for system and Program Files areas, as there shouldn't be any sensitive files and the typical user has no write access there. The user (profile) area is different - on the one hand a user can put everything everywhere there, on the other hand applications depend on files stored therein. Thus files from these (defined but not really published) locations are never blocked (and consequently not scanned in the first place).

    @John: Just a thought - would it be feasible to log the "bypass" when verbose logging is turned on? There's a penalty of course but it would:
    * give an explanation why a file isn't blocked
    * help to understand the reasons for the exemption
    * assure the customer that DLP is working - if not as expected then at least as designed

    Christian
    :17629