Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 0 subscribers
  • Views 19865 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data Control Policy - security hole?

nerohero

I have created a new data control policy where destination is optical or removal storage, allow transfer and log event and for any of the default files. The policy works to a degree however there are some interesting results.

I have two excel doc's, now if I open doc A and file save as to the removable media nothing gets logged nor do I receive a triggered email? on the client this doesn't even register that an event had taken place? and in the sec console nothing?

If I drag & drop doc B to the removable storage bingo, events are logged both on the client and sec console and I receive my triggered email.

I have sent Sophos all the information, diag logs and even the XML policy however  still no joy?

:23167


This thread was automatically locked due to age.
Parents
  • 0

    Hello nerohero,

    from your description this is the expected behaviour. To make sure I've understood you correctly:

    destination is optical/removable

    action is Allow transfer and log event - neither ... on acceptance ... nor Block

    Before you read on please try the following:

    Change the action to one of the other two values and press OK. You should get a pop up. If you don't, close the policy editor, select Tools from the SEC menu bar and there Confirmation dialogs. Tick the bottom item (Request user authorization ...) and try again.

    A short explanation is given here, the complete text can be read in section 8.3 of the SEC 5.0 policy setup guide.

    Christian

    :23183
Reply
  • 0

    Hello nerohero,

    from your description this is the expected behaviour. To make sure I've understood you correctly:

    destination is optical/removable

    action is Allow transfer and log event - neither ... on acceptance ... nor Block

    Before you read on please try the following:

    Change the action to one of the other two values and press OK. You should get a pop up. If you don't, close the policy editor, select Tools from the SEC menu bar and there Confirmation dialogs. Tick the bottom item (Request user authorization ...) and try again.

    A short explanation is given here, the complete text can be read in section 8.3 of the SEC 5.0 policy setup guide.

    Christian

    :23183
Children
No Data
Unfiltered HTML