Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 0 subscribers
  • Views 24299 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unwanted data control detections

BopBop

We implemented Data Control policy and one of the policy I added is

       Ailment, disease and diagnosis lexicon (ICD-9) [USA]

This policy seems like detecting every thing , even job application which has no data which can flag this policy.

In Sophos Site I found this article

http://www.sophos.com/support/knowledgebase/article/113937.html

it seems like  this policy is still broken. Any ETA when this policy will be fixed?

:24347


This thread was automatically locked due to age.
Parents
  • 0

    Hi BopBop,

    As QC states the KBA is out of date and I've asked for it to be removed from the library. Can you contact Sophos support and provide them with samples of your verbose logs and we'll look into what is causing the false positives.

    As you can imagine with such large dictionaries there will always be a risk of matching a term that in one context would be worth investigating and in another be completely innocuous. We recommend using the list based CCLs in combination with other CCLs such as DOB with qualifying term or a custom MRN definition (in the US) or NHS patient identifier (in the UK).

    Best regards,

    John

    :24613
Reply
  • 0

    Hi BopBop,

    As QC states the KBA is out of date and I've asked for it to be removed from the library. Can you contact Sophos support and provide them with samples of your verbose logs and we'll look into what is causing the false positives.

    As you can imagine with such large dictionaries there will always be a risk of matching a term that in one context would be worth investigating and in another be completely innocuous. We recommend using the list based CCLs in combination with other CCLs such as DOB with qualifying term or a custom MRN definition (in the US) or NHS patient identifier (in the UK).

    Best regards,

    John

    :24613
Children
No Data
Unfiltered HTML