Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 0 subscribers
  • Views 12015 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DLP - browser upload on Win7 64bit not intercepted?

QC

I must admit that I haven't really tested it up to now. While checking Sophos' behaviour with Firefox 5 I noticed that DLP seems to be "unaware" of browser uploads. Using a simple file rule "Block office documents to all destinations" I could upload a speadsheet with IE8 (32 and 64 bit), Firefox 5 and Firefox 3.6. Just to make sure I didn't make a simple mistake I tried putting it on a USB stick and this was blocked. Using the same policy with an XP SP3 client blocked the transfer as expected.

I'm not aware that it shouldn't work on 64 bit systems. Before calling support I just want to check if someone can verify that uploads are intercepted on Win7 64bit. 

Christian

:14497


This thread was automatically locked due to age.
Parents
  • 0

    No tool (except for SDU - but the problem is that the "non-blocking" is not logged, so collecting logs won't help). Turned out that what I've observed is by design (I may have found a massive hole in Data Control which is slightly worring?). The funny (or annoying, depending on how you see it) thing is, that it seems to be (or have been) arcane knowledge. Had quite some exchange with Support but nobody thought of it yet.

    While some exempted locations are unlikely to contain sensitive data \Users is dangerous (in my case it was \Downloads where the files resided).

    As you can bypass DLP (to all destinations) by for example archiving the files (unless you forbid archives) - I don't speak of cases where users do it with malicious intent - it has already been said some time ago that more applications (like archivers) should be intercepted. But with these exempted locations it'd be moot.

    Christian 

    :15891
Reply
  • 0

    No tool (except for SDU - but the problem is that the "non-blocking" is not logged, so collecting logs won't help). Turned out that what I've observed is by design (I may have found a massive hole in Data Control which is slightly worring?). The funny (or annoying, depending on how you see it) thing is, that it seems to be (or have been) arcane knowledge. Had quite some exchange with Support but nobody thought of it yet.

    While some exempted locations are unlikely to contain sensitive data \Users is dangerous (in my case it was \Downloads where the files resided).

    As you can bypass DLP (to all destinations) by for example archiving the files (unless you forbid archives) - I don't speak of cases where users do it with malicious intent - it has already been said some time ago that more applications (like archivers) should be intercepted. But with these exempted locations it'd be moot.

    Christian 

    :15891
Children
No Data
Unfiltered HTML