Does Sophos Central Endpoint DLP(Data leakage prevention) feature have an option where if there has been a violation of rules then a message goes to the IT director/IT admin and they can then either allow the action or block it ?

DLP works based on the process, e.g. Chrome.exe for example, opening a file that is subjected to the filename/content rules defined in policy.

Chrome is seen to be opening a file by the on-access scanner: The decisions are to block or alert the user with a popup, until then the request is pending.  

The idea that a process is being blocked from opening a file for the time it takes for the client to send an email, be read by an admin as say an alert in the console, actioned, a policy/command sent down and processed doesn't seem very practical without quite a change to the workflow.

Regards,

Jak

DLP works based on the process, e.g. Chrome.exe for example, opening a file that is subjected to the filename/content rules defined in policy.

Chrome is seen to be opening a file by the on-access scanner: The decisions are to block or alert the user with a popup, until then the request is pending.  

The idea that a process is being blocked from opening a file for the time it takes for the client to send an email, be read by an admin as say an alert in the console, actioned, a policy/command sent down and processed doesn't seem very practical without quite a change to the workflow.

Regards,

Jak