We'd love to hear about it! Click here to go to the product suggestion community
just a noob question. I have tried to create a DLP rule content which supposed to detect if end users try send credit card information (in AU format) via email (Outlook, windows mail)
unfortunately, it does not do what it's suppose to do. any missing information I missed or should have included/excluded? pretty much followed all the information from knowledge base.
We have Sophos Central Admin 2013-2019
Thanks in advance
Hello Lena Abanes,
it does not do what it's supposed to dohard to say why or what to change without any detail - the exact rule, an example of the content that should be blocked (I assume that's the desired result), and how the content is sent (attachment format and the method used to attach it to the message).
Hi Lena Abanes
Please refer to this document which will help you to create a policy in the Sophos Central.
If you haven't followed it or go through it, please go through this. Even after doing all the steps, you are not able to block it, please let us know.
In reply to Jasmin:
Hi, Thank you for this.
I am still having an issue related to DLP.
Creted Content Policy to detect Credit Card Info - WORKED
Added new DLP Content Policy to detect the word "TFN" - FAILED
Removed the policy created on Scenario 2.
Policy on Scenario 1 works again
After Scenario 2 was completed, both Policy fails to function.
After deleting 2nd DLP policy, 1st DLP policy went on effect again.
Question: How can we proceed creating a policy for different content rule? For Example,
1. DLP Policy 1 - Credit Card Info Content
2. DLP Policy 2 - Drivers License Content
Reason: We want to make sure, user receives an error message specific to content of the file being blocked.
Hope I provided a clear information. Thank you
In reply to Lena Abanes:
not sure if it is incorrect use of terms or a misconception: both Policy - only one policy is in effect at a time. A policy can have several rules, the policy is "violated" if at least one rule matches (I use double quotes as the Action could be Allow and log and the transfer is perhaps not considered a real violation). In case several rules match the most restrictive wins (Block → Confirm → Allow).
an error message specific to contentAFAIK the desktop message (optionally) includes the matching rule's name, a specific custom message is not possible though.
Can't say why the single word did not match, could you show what exactly you created?
In reply to QC:
This seems to have resolved my concern. Thanks a lot!!