Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 1604 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Possible Bug

JEFFERY

I have Sophos Enterprise 4.7.0.13

I'm having issues getting the highly sensitive rules working. I have made a test data control policy and test group and put myself in it,  if I enable, say the transfer of multimedia files, or Office documents to removable media, it works every time, but if I wanted to know who was copying certain files from our network, I read that you have to add the metadata XXX to say a jpeg, or docx files to trigger the highly sensitive rule? I've done this and i cant seem to trigger the alert. Any ideas? currently I'm opening the properties of a word file, going to the details tab, and adding XXX to different rows, I've also tried opening a jpeg with Adobe Bridge and editing the metadata that way and still nothing.

Any advice would be appreciated.

Jeffery

:19213


This thread was automatically locked due to age.
  • 0

    I'm an idiot, you have to add CTRL:XXX

    Not just XXX

    :19215
  • 0

    Ok I'm pretty sure this is a bug...

    I have 3 rules on under "Data Control"

    Confidential documents

    Credit of debit card numbers

    Files marked as "highly sensitive"

    If i enable this Data Control Policy, i cannot open removable media through applications like virtualbox.

    Pulling my hair out all morning as to what is causing these issues, disabling this policy fixed the issues.

    Its also not just Virtualbox that is having issues, using Xboot to try and make a bootable USB, i was also getting errors.

    See screenshots:

    http://imgur.com/YsM25,7SKyI#1

    :19253
  • 0

    Hello Jeffery,

    did you get just these errors or did you also get a notification from Data Control? Note that when Removable media is selected as destination and the action is either Allow on acceptance or Block applications are not permitted to write to removable media.

    Christian

    P.S.: the dedicated DLP forum is perhaps the better place to discuss this 

    :19261
  • 0

    Nope, no logs from Data Control Event Viewer, just these errors on my machine.

    The Confidential Documents, and Highly Sensitive rules were set to Allow transfer, and log event.

    But like you said Credit Card rule was set to Allow transfer on acceptance by user and log event.

    Changing this to Allow transfer and log event has fixed this.

    And thanks, i'll start a new thread in that forum.

    Jeffery

    :19271