This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data Control Policy - security hole?

I have created a new data control policy where destination is optical or removal storage, allow transfer and log event and for any of the default files. The policy works to a degree however there are some interesting results.

I have two excel doc's, now if I open doc A and file save as to the removable media nothing gets logged nor do I receive a triggered email? on the client this doesn't even register that an event had taken place? and in the sec console nothing?

If I drag & drop doc B to the removable storage bingo, events are logged both on the client and sec console and I receive my triggered email.

I have sent Sophos all the information, diag logs and even the XML policy however still no joy?

This thread was automatically locked due to age.

Parents

0 QC over 12 years ago

Admittedly it is - but if you read carefully you'll see that it is working as designed and specified:
Storing with an application is not intercepted. "File transfers" using Explorer are. Therefore only the latter get get logged (and IIRC not necessarily each one - it's in one of the older threads). Actually DLP does not scan on write as this would be very complicated (and resource consuming).
Christian
:23187
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 12 years ago

Admittedly it is - but if you read carefully you'll see that it is working as designed and specified:
Storing with an application is not intercepted. "File transfers" using Explorer are. Therefore only the latter get get logged (and IIRC not necessarily each one - it's in one of the older threads). Actually DLP does not scan on write as this would be very complicated (and resource consuming).
Christian
:23187
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data