Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 0 subscribers
  • Views 19780 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Re: Data control scenario question

RogueViper

I have been playing around this afternoon with the data control policy. Managed to get a rule configured to block all file types apart from .7z to prevent the transfer of data via email and removable storage. 

Sophos is blocking the transfer of data onto a usb stick unless it's in a 7zip format which is good. But it's not blocking any email attachments that I am adding to the Office 2007 Outlook client. I can send any format out and Sophos doesn't prevent this.

Anyone have any ideas on how to fix this? 

:15443


This thread was automatically locked due to age.
Parents
  • 0

    The rule is:

     For any file

    where the file type is

     Archive

    or Audio

    or Container

    or Database

    or Design

    or Disk container

    or Document

    or Encryption

    or Encryption - Sophos

    or Executableor Image

    or Information Rights Management

    or Interactive Media

    or Mailor Media Container

    or Medical image formats

    or Object code

    or Office password protected

    or Plain textor Presentation

    or Science/Engineering

    or Script/Markup

    or Spreadsheet

    or Videoor Virtualization Container,

    and where the destination is 

    Removable Storage

    or Outlook ,

    and excluding .7z,

    Block transfer.

    I don't think this policy will work particulary well at the endpoint level. As the .7z format is just an archive format and not a dedicated encryption format. Therefore you could bypass the rules by using 7zip but not bothering to encrypt it. We are considering looking at the Sophos Appliance solution instead now so we can have a complete data loss prevention for email by forcing the encryption of sensitive information and attachments. 

    :15487
Reply
  • 0

    The rule is:

     For any file

    where the file type is

     Archive

    or Audio

    or Container

    or Database

    or Design

    or Disk container

    or Document

    or Encryption

    or Encryption - Sophos

    or Executableor Image

    or Information Rights Management

    or Interactive Media

    or Mailor Media Container

    or Medical image formats

    or Object code

    or Office password protected

    or Plain textor Presentation

    or Science/Engineering

    or Script/Markup

    or Spreadsheet

    or Videoor Virtualization Container,

    and where the destination is 

    Removable Storage

    or Outlook ,

    and excluding .7z,

    Block transfer.

    I don't think this policy will work particulary well at the endpoint level. As the .7z format is just an archive format and not a dedicated encryption format. Therefore you could bypass the rules by using 7zip but not bothering to encrypt it. We are considering looking at the Sophos Appliance solution instead now so we can have a complete data loss prevention for email by forcing the encryption of sensitive information and attachments. 

    :15487
Children
No Data
Unfiltered HTML