
Confidential information doubt

Hi all,

I'm beginning to work with the Sophos DLP, so excuse me if my questions are considered to be "basic" :)

A new SEC customer has several xlsm files containing VBA code. They want to make sure that only these files are protected by DLP.

Most of the machines are Win7 using Outlook 2007/2010, however some Win8/Outlook2013 are also being used.

Those files don't contain any particular message that we can use as a content filter rule criteria, so I was trying to use a File Type Rule using "Script/Markup", but although it blocks those files, all the xlsx are also blocked (I'm assuming that this is because XML is "contained" in the File Type).

Can you please help me to understand if my approach to the issue is the best one, or does the customer have to create some data inside every spreadsheet that we can use as a "filter"?

Thanks in advance,

  • Hello RPLF,

    you've already found out that file type (or rather file type group) is not distinctive enough to select just these files. The description of the files itself is rather general - there's more than one way to put VBA code into {a certain type of office document}. 

    But first of all - what is the rationale for blocking these files? "Secret" or "proprietary" code (please note that DLP can anyway only protect against "accidental" loss/leakage)? And which destination(s)? Now it sounds like the customer wants to prevent the xslm files (i.e. those with this specific extension) from leaking - for this purpose you can choose the file name as condition (in this case *.xslm). Of course it's always better to have a positive, non-ambiguous and "immutable" identifier.

    Christian
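
An added example, not part of the original thread and not a Sophos DLP feature: a Python script that separates workbooks carrying a VBA project from plain xlsx files by looking inside the container instead of at the extension, which helps inventory the affected files before choosing a rule condition. The part name `vbaProject.bin` is the one Excel writes by default and is treated as an assumption here; legacy OLE files are only flagged, not inspected, and the sample bytes are constructed.

```python
import io
import sys
import zipfile
from pathlib import Path

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .xls/.doc container signature

def classify(data: bytes) -> str:
    """Classify file bytes as 'ooxml-vba', 'ooxml-no-vba', 'legacy-ole' or 'other'."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"  # may hold VBA too; not inspected here
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "other"
    if "[content_types].xml" not in names:
        return "other"  # a ZIP, but not an Office Open XML package
    # Assumption: the VBA project sits in a part named vbaProject.bin,
    # the name Excel uses when it saves a macro-enabled workbook.
    if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
        return "ooxml-vba"
    return "ooxml-no-vba"

def make_sample(with_vba: bool) -> bytes:
    """Build a constructed, minimal package in memory (not a valid workbook)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            zf.writestr("xl/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

def scan(root: str):
    """Return (path, verdict) pairs for every file under root, ignoring extensions."""
    results = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            results.append((str(p), classify(p.read_bytes())))
    return results

if __name__ == "__main__":
    # Print only the files that carry, or may carry, VBA code.
    for path, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        if verdict in ("ooxml-vba", "legacy-ole"):
            print(f"{verdict}\t{path}")
```

Because the verdict comes from the package contents, a macro workbook that has been renamed to another extension is still reported.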