We're evaluating Sophos Endpoint Protection in part for its DLP functionality. We've used Azure Information Protection to assign classification labels to certain documents in the past, and we'd like to configure Sophos DLP Policies to restrict how labeled files can be accessed.
According to the AIP documentation, each labeled Office / PDF file has a custom property titled set to "MSIP_Label_<GUID>_Enabled=True", where GUID is an identifier for the label.
I created a Custom Rule and Custom Content Control List as follows:
However, Sophos is blocking all files, whether they are classified with that label or not. Any ideas of what I might be doing wrong?
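To see how the label property described above is actually stored in an Office file, here is an added example (not part of the original post, and not Sophos or Microsoft code) that reads the custom-properties part of an OOXML document. The GUID and the sample document are constructed; PDF files are not covered, and nothing here describes how Sophos itself scans content.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

CUSTOM_PROPS = "docProps/custom.xml"  # OOXML part that holds custom properties
LABEL_NAME = re.compile(r"^MSIP_Label_([0-9a-fA-F-]{36})_Enabled$")

def aip_labels(file_bytes):
    """Return {label GUID: enabled} read from an OOXML file's custom properties."""
    try:
        with zipfile.ZipFile(io.BytesIO(file_bytes)) as z:
            if CUSTOM_PROPS not in z.namelist():
                return {}  # no custom properties part, so no label
            root = ET.fromstring(z.read(CUSTOM_PROPS))
    except zipfile.BadZipFile:
        return {}  # not an OOXML container (for example a .txt file)
    labels = {}
    for prop in root:
        m = LABEL_NAME.match(prop.get("name", ""))
        if m:
            # The value sits in a child element such as <vt:lpwstr>True</vt:lpwstr>
            value = "".join(prop.itertext()).strip()
            labels[m.group(1).lower()] = value.lower() == "true"
    return labels

# Constructed sample data: a placeholder GUID and a minimal in-memory .docx
SAMPLE_GUID = "00000000-1111-2222-3333-444444444444"
SAMPLE_XML = (
    '<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/custom-properties" '
    'xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes">'
    '<property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="2" '
    f'name="MSIP_Label_{SAMPLE_GUID}_Enabled"><vt:lpwstr>True</vt:lpwstr></property>'
    "</Properties>"
)

def make_sample(custom_xml=None):
    """Build a minimal zip container, with or without the custom properties part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml", "<document/>")
        if custom_xml:
            z.writestr(CUSTOM_PROPS, custom_xml)
    return buf.getvalue()

if __name__ == "__main__":
    print("labeled  :", aip_labels(make_sample(SAMPLE_XML)))
    print("unlabeled:", aip_labels(make_sample()))
    print("text file:", aip_labels(b"plain text"))
```

The property name and its value are separate XML nodes inside a compressed archive, so the literal string `MSIP_Label_<GUID>_Enabled=True` does not appear in the file's raw bytes.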
Hello Guilherme Santos,
It's an AND, yes. Hm, I'd rather expect that nothing is blocked ... Could you turn on verbose logging for Data Control (this must be done on the endpoint) and then check or post the log? On second thoughts, are you using Central? I can't say whether it's possible with Central and, if so, how to do it.
In reply to QC:
Yes, I'm using Endpoint Protection managed with Central. I wasn't able to follow the instructions you posted, as the interface is different and doesn't seem to have the options described in the article, but I found a log for Data Control. It doesn't seem very helpful to me, but I'm posting it here just in case:
20180112 175750 A "block transfer" action was taken. The user tried to save or copy a file to a storage device without using Windows Explorer. Username: XXXXXXXXXX User action: File save or copy Data Control action: Block Destination path: E:\Test.docx Destination type: Removable storage
20180112 181332 A "block transfer" action was taken. The user tried to save or copy a file to a storage device without using Windows Explorer. Username: XXXXXXXXXX User action: File save or copy Data Control action: Block Destination path: E:\Test.txt Destination type: Removable storage