
Does the Sophos Central Endpoint DLP (Data leakage prevention) feature have an option where, if there has been a violation of rules, a message goes to the IT director/IT admin and they can then either allow the action or block it?

This would be appropriate because the control goes directly into the hands of the IT head rather than users.



This thread was automatically locked due to age.
  • Hello Kandarp Desai1,

    The Endpoint software doesn't have the concept of an external (human) decision - what's more, DLP decisions have to be immediate, as most applications won't tolerate arbitrary delays when trying to open a file.
    If you're thinking about something like "future whitelisting", i.e. allowing the transfer for certain documents in the future, this wouldn't be feasible.

    Christian

  • DLP works based on the process, e.g. Chrome.exe, opening a file that is subject to the filename/content rules defined in policy.

    Chrome is seen to be opening a file by the on-access scanner: the decisions are to block or alert the user with a popup; until then the request is pending.

    The idea that a process is being blocked from opening a file for the time it takes for the client to send an email, be read by an admin as, say, an alert in the console, actioned, a policy/command sent down and processed doesn't seem very practical without quite a change to the workflow.

    Regards,

    Jak