Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 0 subscribers
  • Views 19778 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Re: Data control scenario question

RogueViper

I have been playing around this afternoon with the data control policy. Managed to get a rule configured to block all file types apart from .7z to prevent the transfer of data via email and removable storage. 

Sophos is blocking the transfer of data onto a usb stick unless it's in a 7zip format which is good. But it's not blocking any email attachments that I am adding to the Office 2007 Outlook client. I can send any format out and Sophos doesn't prevent this.

Anyone have any ideas on how to fix this? 

:15443


This thread was automatically locked due to age.
Parents
  • 0

    Hello RogueViper,

    care to share your rules? If I understand you correctly you want them in 7z password protected format. Note that file type is not the same as extension (see here under true file type). Now as far as I can see there is no rule which lets you identify an encrypted archive (not considering the strength of the encryption method) and also while there's an archive file type there's no way to select or exclude specific ones.

    Re: Outlook - as you are working with file rules (as opposed to content rules) turning on verbose logging should give you a No rules matched message when the transfer has been detected but not blocked. If you don't get an entry at all please contact Support.  I've an open case concerning browser upload which is still under investigation.

    BTW - I did some tests and encountered scanning errors for files packed with 7-Zip (whether 7z or PK format) - the result is that data transfer is permitted (I'm still thinking about it - right now this is the same behaviour as with the AV scanner where it is probably better not to block in case of an error. But when it comes to DLP - isn't  block the desired behaviour?).

    Christian

    :15481
Reply
  • 0

    Hello RogueViper,

    care to share your rules? If I understand you correctly you want them in 7z password protected format. Note that file type is not the same as extension (see here under true file type). Now as far as I can see there is no rule which lets you identify an encrypted archive (not considering the strength of the encryption method) and also while there's an archive file type there's no way to select or exclude specific ones.

    Re: Outlook - as you are working with file rules (as opposed to content rules) turning on verbose logging should give you a No rules matched message when the transfer has been detected but not blocked. If you don't get an entry at all please contact Support.  I've an open case concerning browser upload which is still under investigation.

    BTW - I did some tests and encountered scanning errors for files packed with 7-Zip (whether 7z or PK format) - the result is that data transfer is permitted (I'm still thinking about it - right now this is the same behaviour as with the AV scanner where it is probably better not to block in case of an error. But when it comes to DLP - isn't  block the desired behaviour?).

    Christian

    :15481
Children
No Data
Unfiltered HTML