Is Data Control buggy?

Hello Stuart,

am I right in thinking that Data Control simply monitors Windows Explorer transfers

for transfer to removable storage, yes. For upload and attaching it's file open. So you are right that you can type in whatever you want. That's beyond ESDP's scope. This can only be controlled at the gateway. To repeat: The contents of the mail are not inspected.

I have enabled verbose logging on my PC for data control but this adds nothing to normal logs

This is true if you have only content rules. If you add a file rule "nothing" looks like:

    Filename: C:\Download\Liauser.htm
    No rules matched

 And it will also display the "partial" matches of the content rules.

it simply records the file name of the document

Hell, this is one of the logs which you get only in the language of the install. Guess you understand it nevertheless:

20101112 104641	Computername: CCCCCCCCC
        Filename: C:\Documents and Settings\XXXXXXXX\My Documents\SVN_Test3.xls

	File name: C:\Documents and Settings\XXXXXXXX\My Documents\SVN_Test3.xls
	File group: Spreadsheet
	File type: Microsoft Excel-OLE

	  Content Control List Name: AT_SVNR  Trigger weight: 10
	    Expression 0 : '(?:\d{4}([ ]?)(?:0[1-9]|[12]\d|3[01])(\1?)(0[1-9]|1[012])\2\d{2})'  Type: Perl5  Weight: 3
	      Match 1 : Weight applied: 1  Context: 
	oha
	SVNR  ==>0815 111121<== 
	SVNR 0815
	      Match 2 : Weight applied: 1  Context: 1121
	SVNR  ==>0815 111122<== 
	SVNR 0815
	      Match 3 : Weight applied: 1  Context: 1122
	SVNR  ==>0815 11 11 23<== 

	2Pag
	  Content Control List Name: AT_SVNR  Trigger weight: 10
	    Expression 0 : '(?:\d{4}([ ]?)(?:0[1-9]|[12]\d|3[01])(\1?)(0[1-9]|1[012])\2\d{2})'  Type: Perl5  Weight: 3
	      Match 1 : Weight applied: 1  Context: 
	oha
	SVNR  ==>0815 111121<== 
	SVNR 0815
	      Match 2 : Weight applied: 1  Context: 1121
	SVNR  ==>0815 111122<== 
	SVNR 0815
	      Match 3 : Weight applied: 1  Context: 1122
	SVNR  ==>0815 11 11 23<== 

	2Pag

	Matching rules: Microsoft Office documents
_________________________________________________________________________
20101112 104641	Maßnahme "Dateiübertragung zulassen" wurde ergriffen.
		Benutzername: XXX\XXXXXXXX
                Regelbezeichnungen: 'Microsoft Office documents'
		Benutzermaßnahme: Dateiöffnung
		Anwendung: Firefox 3
		Data Control-Maßnahme: Zulassen
		Dateityp: Spreadsheet (Microsoft Excel-OLE)
		Quellpfad: C:\Documents and Settings\XXXXXXXX\My Documents\SVN_Test3.xls

Please note that there are two blocks with the same timestamp - the first showing the details.

There's something which seems to be a bug (don't have the time right now to test it thoroughly): If the rules haven't changed and if a file hasn't changed and if the rules previously permitted transfer (without prompt) a repeated upload/attach will not be logged (even if requested). Hmmm ...

Anyway, adding a file rule for office documents might help you in getting more useful logs.

Christian

Hello Stuart,

am I right in thinking that Data Control simply monitors Windows Explorer transfers

for transfer to removable storage, yes. For upload and attaching it's file open. So you are right that you can type in whatever you want. That's beyond ESDP's scope. This can only be controlled at the gateway. To repeat: The contents of the mail are not inspected.

I have enabled verbose logging on my PC for data control but this adds nothing to normal logs

This is true if you have only content rules. If you add a file rule "nothing" looks like:

    Filename: C:\Download\Liauser.htm
    No rules matched

 And it will also display the "partial" matches of the content rules.

it simply records the file name of the document

Hell, this is one of the logs which you get only in the language of the install. Guess you understand it nevertheless:

20101112 104641	Computername: CCCCCCCCC
        Filename: C:\Documents and Settings\XXXXXXXX\My Documents\SVN_Test3.xls

	File name: C:\Documents and Settings\XXXXXXXX\My Documents\SVN_Test3.xls
	File group: Spreadsheet
	File type: Microsoft Excel-OLE

	  Content Control List Name: AT_SVNR  Trigger weight: 10
	    Expression 0 : '(?:\d{4}([ ]?)(?:0[1-9]|[12]\d|3[01])(\1?)(0[1-9]|1[012])\2\d{2})'  Type: Perl5  Weight: 3
	      Match 1 : Weight applied: 1  Context: 
	oha
	SVNR  ==>0815 111121<== 
	SVNR 0815
	      Match 2 : Weight applied: 1  Context: 1121
	SVNR  ==>0815 111122<== 
	SVNR 0815
	      Match 3 : Weight applied: 1  Context: 1122
	SVNR  ==>0815 11 11 23<== 

	2Pag
	  Content Control List Name: AT_SVNR  Trigger weight: 10
	    Expression 0 : '(?:\d{4}([ ]?)(?:0[1-9]|[12]\d|3[01])(\1?)(0[1-9]|1[012])\2\d{2})'  Type: Perl5  Weight: 3
	      Match 1 : Weight applied: 1  Context: 
	oha
	SVNR  ==>0815 111121<== 
	SVNR 0815
	      Match 2 : Weight applied: 1  Context: 1121
	SVNR  ==>0815 111122<== 
	SVNR 0815
	      Match 3 : Weight applied: 1  Context: 1122
	SVNR  ==>0815 11 11 23<== 

	2Pag

	Matching rules: Microsoft Office documents
_________________________________________________________________________
20101112 104641	Maßnahme "Dateiübertragung zulassen" wurde ergriffen.
		Benutzername: XXX\XXXXXXXX
                Regelbezeichnungen: 'Microsoft Office documents'
		Benutzermaßnahme: Dateiöffnung
		Anwendung: Firefox 3
		Data Control-Maßnahme: Zulassen
		Dateityp: Spreadsheet (Microsoft Excel-OLE)
		Quellpfad: C:\Documents and Settings\XXXXXXXX\My Documents\SVN_Test3.xls

Please note that there are two blocks with the same timestamp - the first showing the details.

There's something which seems to be a bug (don't have the time right now to test it thoroughly): If the rules haven't changed and if a file hasn't changed and if the rules previously permitted transfer (without prompt) a repeated upload/attach will not be logged (even if requested). Hmmm ...

Anyway, adding a file rule for office documents might help you in getting more useful logs.

Christian