Data Control Policy

I set up a test policy on our endpoints with the Sophos Social Security number CCL and I am trying to get it to email me but allow transfer when this type of data is transferred to a USB and/or CD. I created a test Word doc with a fake SSN and the alert did not happen. I have configured SMTP on the anti-virus and HIPS policy and configured my e-mail address for both AV & HIPS and data control policy.

Thanks,

DC

:1931


This thread was automatically locked due to age.
  • Hi,

    Couple of pointers / questions:

    • Check that the quantity setting has been set correctly in the rule. This controls how much of a particular data type should be identified before the action is triggered.
    • The CCL in question (Social security numbers [USA]) is looking for SSNs in the following format "NNN-NN-NNNN" (where "N" is a number). Can you provide more information on what your fake SSN looks like?
    • To find out more information on how the content analysis process is working through the matching process you can enable verbose data control logging on an endpoint. This shows details on what matched for each file scanned even if the trigger score is not reached.

    Generally the policy configuration guide for ESDP 9 provides some good guidelines on configuring data control: http://www.sophos.com/sophos/docs/eng/manuals/sesc_90_psgeng.pdf

    Best regards,

    John

    Product Manager

    :2024
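
A pre-flight check for a test file's text, as an added example that is not part of the original thread and is not Sophos code: it counts strings in the "NNN-NN-NNNN" format mentioned in the reply, lists nine-digit values written without hyphens, and compares the count with the rule's quantity. The function name, the near-miss pattern and the sample text are assumptions made for illustration; the product's CCL may apply further checks not described in the thread.

```python
import re

# Assumption: only the literal "NNN-NN-NNNN" shape from the reply is modelled.
# The product's CCL may apply further validation that the thread does not describe.
CCL_FORMAT = re.compile(r"(?<![\d-])\d{3}-\d{2}-\d{4}(?![\d-])")

# Nine digits written plain, or split 3-2-4 with spaces or dots instead of hyphens.
NEAR_MISS = re.compile(r"(?<![\d-])\d{3}[ .]?\d{2}[ .]?\d{4}(?![\d-])")


def preflight(text, quantity):
    """Report whether `text` holds at least `quantity` hyphenated matches.

    `quantity` stands in for the rule's quantity setting (hypothetical name).
    """
    matches = CCL_FORMAT.findall(text)
    near_misses = NEAR_MISS.findall(text)
    return {
        "matches": matches,
        "near_misses": near_misses,
        "meets_quantity": len(matches) >= quantity,
    }


# Constructed sample text standing in for the contents of a test document.
SAMPLE = (
    "Employee A: 123-45-6789\n"
    "Employee B: 987654321\n"
    "Employee C: 456 78 9012\n"
    "Invoice date: 2024-01-15\n"
)

if __name__ == "__main__":
    for qty in (1, 2):
        report = preflight(SAMPLE, qty)
        print(f"quantity={qty}: {len(report['matches'])} match(es), "
              f"meets quantity: {report['meets_quantity']}")
        for value in report["near_misses"]:
            print(f"  not in NNN-NN-NNNN format: {value!r}")
```

A test file that only reaches the quantity through values in the near-miss list is a likely reason for a rule not firing; verbose data control logging on the endpoint shows what the product itself matched.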