Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 9 subscribers
  • Views 6296 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Central DLP not filtering corretly

Kasun Bandara

Hi All,

 

i am testing sohpos central with end point client. i have created a DLP test rule with term 'cisco' and configured to stop files destined to removable devices copying. then i created text file with text 'cisco' and copied to pen drive. it is copied successfully. i guess that is not the normal behavior. then i added text 'cisco router' in to text file and tried to copy again. that time file is blocked by end point. anyone know why is it that happening?

thank you



This thread was automatically locked due to age.
  • 0

    Hi Kasun,

    Can you please provide more details regarding the rule you have set up?

    For more info regarding how to set up DLP rules, please have a look at this document 

  • 0 in reply to Barb@Sophos

    Hi,

     

    my rule is attached here. and all destinations selected.

  • 0 in reply to Kasun Bandara

    Hi Kasun,

    Per this article:

    File type Content that is scanned Metadata that is scanned
    Other file formats that appear to contain text Any plain text string longer than five text characters. Document title

    Your text file will have to contain 5+ characters in order to be scanned. I tested with a Test.txt file, body-->"cisco", and it did not get blocked when I tried to copy to an external storage. I then changed the body to -->"cisco 12" and the file was successfully blocked by DLP.  Looks like it needs to be to 6+ characters actually. 

    You can also try creating a different type of file, such an Excel file, and entering "cisco" . The article I linked contains the details of what is scanned for each file type that is supported. 

    Please let me know the outcome. 

    If the issue persists, could you please share the following :
    Content Rule Configuration
    Exclusions if any
    Actions

Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?