This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DLP - browser upload on Win7 64bit not intercepted?

I must admit that I haven't really tested it up to now. While checking Sophos' behaviour with Firefox 5 I noticed that DLP seems to be "unaware" of browser uploads. Using a simple file rule "Block office documents to all destinations" I could upload a speadsheet with IE8 (32 and 64 bit), Firefox 5 and Firefox 3.6. Just to make sure I didn't make a simple mistake I tried putting it on a USB stick and this was blocked. Using the same policy with an XP SP3 client blocked the transfer as expected.

I'm not aware that it shouldn't work on 64 bit systems. Before calling support I just want to check if someone can verify that uploads are intercepted on Win7 64bit. 

Christian

:14497


This thread was automatically locked due to age.
  • Hi Christian,

    It should work on 64 bit versions of Windows 7 so please do raise a support request. We can then have a look at the issue in more detail.

    Thanks,

    John

    :14533
  • Thanks, John

    I stumbled over it while running the tests with Firefox 5. As the machine has an eventful history I suspected a blotched installation. Coincidentally I wanted to run a set of tests for which I had to remove SESC so I uninstalled it. After reprotecting the machine the behaviour hasn't changed so I guess it's worth calling Support. Question is - how can I document/trace that DLP doesn't block the file (there's nothing in the Data Control log, even with verbose logging)?

    Christian

    :14589
  • Support should be able to provide you with a tool to capture more detailed log information.

    Thanks,

    John

    :14751
  • No tool (except for SDU - but the problem is that the "non-blocking" is not logged, so collecting logs won't help). Turned out that what I've observed is by design (I may have found a massive hole in Data Control which is slightly worring?). The funny (or annoying, depending on how you see it) thing is, that it seems to be (or have been) arcane knowledge. Had quite some exchange with Support but nobody thought of it yet.

    While some exempted locations are unlikely to contain sensitive data \Users is dangerous (in my case it was \Downloads where the files resided).

    As you can bypass DLP (to all destinations) by for example archiving the files (unless you forbid archives) - I don't speak of cases where users do it with malicious intent - it has already been said some time ago that more applications (like archivers) should be intercepted. But with these exempted locations it'd be moot.

    Christian 

    :15891