
I may have found a massive hole in Data Control which is slightly worrying?

It would appear that if you create a Data Control Policy which prevents users from emailing file types to unauthorised email destinations like gmail, webmail, hotmail and attach any document from a network directory, it allows the email to be sent (Shocking).

If you attach a file from your local machine it blocks the file fine; it would seem that the Sophos agent has difficulties understanding mapped drives, which is pretty shocking for a security product.

Note:

I have sent this information to Sophos to review and I may have missed something so don't take this as gospel. This may be an isolated issue which is happening in my environment.

Server 2003 R2 x64 SEC 4.7.0.13

Client Win7 x86 9.5

  • Hello John,

    thank you for your replies (and BTW this thread should perhaps be moved to the dedicated DLP forum).

    Sorry, BAD might sound a little bit harsh - it's a relic of my days on the mainframe. Only after reading nerohero's post I took a closer look at where the test-file resided. On the machines where I've encountered the problem (Win7, W2k8) I just downloaded it using IE and attempted to upload it again. On the virtual test machine where I tried to reproduce the problem I had copied it over to my Desktop. So yes, Downloads is a folder where a user typically saves a file ... Well, I assume engineering will assess which else.

    "a relationship between the file exclusion setting and the behavior of the data control policy"

    Is it correct that this applies to all exclusions? If I exclude .zip from AV scanning a DLP file rule won't catch them (not even when the transfer is to removable storage)?

    "a deliberate design decision to exempt system folders"

    No problem if it were SYSTEM - but you just can't lock down temp, caches, archives and configuration folders (I've seen users "backing up" complete external disks to such locations ...).

    Last but not least it is somewhat disappointing that both cases took (quite) some time to resolve - seems the information was only way "up".

    But - again, thank you for the detailed answer 

    Christian
