Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 1 subscriber
  • Views 68401 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

I may have found a massive hole in Data Control which is slightly worring?

nerohero

It would appear that if you create a Data Control Policy which prevent users from emailing file types to unauthorised email destinations like gmail, webmail, hotmail and attach any document from a network directory it allows the email to be sent (Shocking).

If you attach a file from your local machine it blocks the file fine, it would seem that the Sophos agent has difficulties understanding mapped drives which it pretty shocking for a security product.

Note:

I have sent this information to Sophos to review and I may have missed something so don't take this as gospel.  This maybe an isolated issue which is happening in my environment.

Server 2003 R2 x64 SEC 4.7.0.13

Client Win7 x86 9.5

:15489


This thread was automatically locked due to age.
Parents
  • 0

    Hi Christian,

    The exclusions only apply to monitored applicatons and not storage monitoring (removable or optical). Fair point regarding non-system folders. I still stand by the point that the average user is less likely to store files in temp, cache and configuration folders. That's not to say we aren't looking at improved detection processes for monitored applications :) The good news is that DLP adoption is growing on the endpoint and the email appliance so investment is going to continue and we have some neat things on the roadmap. 

    John

    :15927
Reply
  • 0

    Hi Christian,

    The exclusions only apply to monitored applicatons and not storage monitoring (removable or optical). Fair point regarding non-system folders. I still stand by the point that the average user is less likely to store files in temp, cache and configuration folders. That's not to say we aren't looking at improved detection processes for monitored applications :) The good news is that DLP adoption is growing on the endpoint and the email appliance so investment is going to continue and we have some neat things on the roadmap. 

    John

    :15927
Children
No Data
Unfiltered HTML