
Data control problem

I have been playing around with the data control policy again and assigned my own machine to a test group.

I have been trying to get Sophos to detect, allow and log bank account details that are attached to the Outlook client.

The following is a test Word document named 'Bank details' I have been using:

Bob Smith

Bank account details – 31926819
Sort Code – 521051

Mastercard card – 5487 5489 5225 6554

Expires End – 11/12/12

CCV - 875

I have a rule set that checks for the following:

For any file

where the file contains:

1 or more matches of Bank account details near personally identifiable information [UK],

and 1 or more matches of Bank routing numbers with qualifying terms [UK],

and 2 or more matches of Combination of personally identifiable information [UK],

and 1 or more matches of Confidential document markers [UK],

and 1 or more matches of Credit or debit card numbers near personally identifiable information [UK],

and 1 or more matches of National insurance numbers near personally identifiable information [UK],

and 1 or more matches of National insurance numbers [UK],

and 1 or more matches of National insurance numbers with qualifying terms [UK],

and where the destination is Outlook,

Allow file transfer.


Sophos does not log any email attachment that I attach containing those bank details. However, when I apply the following policy and add the header 'confidential' to the bank details Word document, it triggers the control and logs the event:

For any file

where the file contains:

1 or more matches of Confidential document markers [Global],

and 1 or more matches of Credit or debit card numbers [Global],

and where the destination is Outlook,

Allow file transfer.  

Not sure why I can't get this working. I just need a policy that checks for bank details, credit card numbers, etc. that actually works.



This thread was automatically locked due to age.
  • Hi,

    A rule logically "ANDs" each CCL listed, so the rule will only trigger when all CCLs are matched.

    Your second rule fired because the document contains the label "confidential" AND a credit card number near to the term "master card".

    My advice would be to create separate rules for each type of CCL you want to monitor. There is an implicit OR between rules in a data control policy. You may get some duplication between these rules but you can then simply remove the rules that are generating duplication.

    A handy tip for "debugging" data control rules is to enable "verbose logging" in the data control policy. This generates a local log on the endpoint which lists which expressions were matched when a file - that meets the file scanning conditions - is intercepted, e.g. when a file is attached to an email.

    Best regards,

    John

    Product Manager
