Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 10 subscribers
  • Views 1551 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data Loss Prevention - can't get policy to work

Foxbot

Hi,

thanks for helping:

I am currently testing the DLP features of Sophos Endpoint but can't get any rule to work. I have even established a file based rule which I would expect to trigger in any case:

Allow transfer if user confirms

File type matches: spreadsheet

Destination is: [everything; email client, storage, voip, etc.etc]

Action: Allow transfer if user confirms

I have tried copying around a spreadsheet (xlsx) with sample data (to a removalble drive, USB, E-Mail-Message, Signal Messenger) and there's no reaction, pop-up, message or whatever.

I have checked the user: policy applied and enforced

I have updated the Sophos Endpoint Client and checked with the self-help tool: Updates/Policies applied

What am I missing here? Do DLP policies need some time until they are triggered or become fully active? Does implementing a policy need a reboot to activate the policy? I'm really frustrated.



This thread was automatically locked due to age.

Top Replies

  • in reply to Qoosh +1 verified

    I did a full reboot now (2022-12-17, 05:32 am) and this is what I see:

    There is a file_rule now for spreadsheets - but the regkey says it is from 202212162100.... Still, the Endpoint's Self Help Toll states under "Policies" that Sophos Adapater received policies last at Dec 16, 22:00:57. 

    Furhtermore, even with this policiy - I suspect it shall trigger everytime a spreadsheet is copied around or tried to attach to an e-mail (I use Outlook) in any way - nothing happens (no pop-up, no alert in Sophos Central or at the Endpoint).

    Jump to answer
Parents
  • 0

    I am having the exact same error anything I try with DLP doesnt work, created a Policy per Computer, Selected block files type Images, Text and spreadsheets on any client email web USB, but it doesnt block anything the policy is enabled.

    This seems to hae a bug

Reply
  • 0

    I am having the exact same error anything I try with DLP doesnt work, created a Policy per Computer, Selected block files type Images, Text and spreadsheets on any client email web USB, but it doesnt block anything the policy is enabled.

    This seems to hae a bug

Children
No Data
Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Cookie Information Banner