DLP not logging, but stopping applications writing to removable storage

Thread continued from here:

http://community.sophos.com/t5/Sophos-Endpoint-Security-and/Possible-Bug/m-p/19271#M7764

So all my VMs are stored on a removable disk, and I was getting an error: VERR_ACCESS_DENIED from VirtualBox, but no event logs from Sophos? Should it be logging?

Also the Credit Card rule was set to Allow transfer on acceptance by user and log event.

Does this mean the user should be prompted by Sophos to continue?

Jeffrey



This thread was automatically locked due to age.
  • Hi Jeffrey,

    Christian is correct. When a "request user authorization" or "block" action is used in a data control policy, we restrict authorized file transfers to removable storage devices to Windows Explorer. When the applications you are using attempt to write to the removable storage device, they are blocked by the Sophos agent. I appreciate that this can be frustrating, but the solution is designed this way to enable Sophos to intercept data before it touches the removable storage device. One possible workaround is to explicitly exclude the locations the applications are attempting to write to within the Data Control rule. More detail can be found here: http://www.sophos.com/support/knowledgebase/article/113024.html

    Best regards,

    John

    Product Manager
