Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 1 subscriber
  • Views 68387 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

I may have found a massive hole in Data Control which is slightly worring?

nerohero

It would appear that if you create a Data Control Policy which prevent users from emailing file types to unauthorised email destinations like gmail, webmail, hotmail and attach any document from a network directory it allows the email to be sent (Shocking).

If you attach a file from your local machine it blocks the file fine, it would seem that the Sophos agent has difficulties understanding mapped drives which it pretty shocking for a security product.

Note:

I have sent this information to Sophos to review and I may have missed something so don't take this as gospel.  This maybe an isolated issue which is happening in my environment.

Server 2003 R2 x64 SEC 4.7.0.13

Client Win7 x86 9.5

:15489


This thread was automatically locked due to age.
Parents
  • 0

    HI,

    It sounds like the on-access component, well at least the driver is used to filter which files are opened. This would explain why it is subject to the exclusion as I know on-access exclusions are implemented in the driver?  Then, if the processes that is opening the file, as detected by application control identity is the application under the destination as selected in the policy, it subjects the file for examination.  To avoid applications opening their own files and triggering, I suspect there are a few inbuilt exclusions.

    Regards,

    Jak 
     

    :15533
Reply
  • 0

    HI,

    It sounds like the on-access component, well at least the driver is used to filter which files are opened. This would explain why it is subject to the exclusion as I know on-access exclusions are implemented in the driver?  Then, if the processes that is opening the file, as detected by application control identity is the application under the destination as selected in the policy, it subjects the file for examination.  To avoid applications opening their own files and triggering, I suspect there are a few inbuilt exclusions.

    Regards,

    Jak 
     

    :15533
Children
No Data
Unfiltered HTML