Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 8521 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DLP Policy not being applied to endpoint(s)

Jason Williams

We are using Sophos Central to manage our policies and Sophos Endpoint on Windows and Mac endpoints.  I'm trying to enable DLP, but it doesn't seem like the policies are being applied to the endpoint.

I've tried both user-based and computer-based policies.  

When I go into the Endpoint Diagnostics > Health State and look at the policies, I see a bunch of policies listed, but I don't see anything resembling DLP (See attached screenshot).

Is there something else I can look at to see what DLP might not be working?



This thread was automatically locked due to age.
Parents
  • 0

    Hello Jason Williams ,

    Please see these steps in order to create/edit DLP rules.
    Keep in mind that there are certain limitations to DLP that you may  need to take into account.

    If the issue persists, are other policies working as expected? Is the issue affecting multiple endpoints or just one?
    Also, please provide an example of a rule that you are testing, so I can test it on my end.

    REgarding macOS and DLP, please see this idea entry.
    Regards,



    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • 0 in reply to Barb@Sophos

    I created two test policies.  One user based, one computer based.

    The user-based policy is using these built-in rules:

    They are set to check all destinations and allow transfer if user confirms.  I did not enable "Send me email alerts".

    The computer-based policy was created with the below built-in rules:

    As with the user policy, all destinations were selected and to allow transfer if user confirms.  Again, I did not enable "Send me email alerts".

    To test, I applied the policies to my user account and my computer (which is a Mac).

    When I transfer a test file with test PII data, nothing happens.  The copy/transfer completes successfully.  I do not get a popup requesting approval, and I do not see anything in Sophos Central indicating that any DLP policy violation occurred.

    Additionally, as I posted in my original question, based on the installed policy list in the Endpoint Protect Help section, it does not look like any DLP policies are being pushed to the Endpoint.

Reply
  • 0 in reply to Barb@Sophos

    I created two test policies.  One user based, one computer based.

    The user-based policy is using these built-in rules:

    They are set to check all destinations and allow transfer if user confirms.  I did not enable "Send me email alerts".

    The computer-based policy was created with the below built-in rules:

    As with the user policy, all destinations were selected and to allow transfer if user confirms.  Again, I did not enable "Send me email alerts".

    To test, I applied the policies to my user account and my computer (which is a Mac).

    When I transfer a test file with test PII data, nothing happens.  The copy/transfer completes successfully.  I do not get a popup requesting approval, and I do not see anything in Sophos Central indicating that any DLP policy violation occurred.

    Additionally, as I posted in my original question, based on the installed policy list in the Endpoint Protect Help section, it does not look like any DLP policies are being pushed to the Endpoint.

Children
Unfiltered HTML