Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 19254 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data control messages showing .pst as file for outlook file attachements

Yugandhar

Hi,

We are using Sophos Data control and configured to allow and log the activity of sending the data through mail clients i.e. MS outlook.

Here the problem is data control evetns are showing with the PST file name for all the attachments through outlook and the source location is showing the PST file location instead of original file attachment location.

Is this the limitation of Sophos Data control. if it is the limitation o the expected behaviour then Sophos Endpoint Data contorl is not a perfect suite for Data protection.

Are there anyone identified this issue/resolve this?

Regards,

Yugandhar

:57314


This thread was automatically locked due to age.
  • 0

    Hello Yugandhar,

    you should be aware that DLP has its limitations, and it does not monitor the activity of sending the data through mail clients (for this you'd have to scan at the gateway/MTA). It merely scans files to be read from storage when the application opens them. I'm not using Outlook so I can't say why it reports the PST. What is the exact workflow, how are the files attached and where do the attachments reside?

    Christian 

    :57319
  • 0

    Hi Christian,

    Thank you for the Information!

    Now I understood the concept that if the attachment is taken from local PST file then it will show the source location as PST file location. Correct me if I am wrong. Also, i have seen the logs showing the exact file location while sending through Outlook.

    Also, i understood that Sophos has limitation on detecting the attachments of forwarded mails and "Send as attachment" option in MS office. Am i right?

    Are there any solutions in Sophos to retrive the copy of the attachement which was detected by Sophos Data Control.

    Earlier i worked on SafeGuard Port Protector where it will have copy the uploaded file in shared path for future review. Please help me on the solution.

    Regards,

    Yugandhar.

    :57383
  • 0

    Hello Yugandhar,

    DLP does not copy the "offending" document.

    future review

    to verify that the attachment has rightfully been blocked by DLP or to view the complete document?

    Christian

    :57387
  • 0

    Hi Christian,

    To review the document. For example a roaming user copied the source code in notepad and send/upload to the external parties. DLP logs it simply shows *.txt file if we apply either file type/content type policy. It would be better if we have a option to review the full document which is showing in logs once the user is in office premises.

    Regards,

    Yugandhar. 

    :57407
  • 0

    Sorry.. My answer is to view the complete document.

    :57408
  • 0

    Hello Yugandhar,

    a roaming user ... showing in logs

    DLP is mainly intended for "inside" use (and, as said, is ideally complemented with a gateway solution). Allow and log is not provided as a full auditing tool. The purpose of DLP is to prevent accidental or at most negligent dissemination of confidential or sensitive data.

    Type rules are general and apply to formats, not (or only indirectly) to specific content. There are only five predefined File rules, the two starting with Encrypt form a pair and must be used together.

    DLP definitely can't help in the case of deliberate transfer (instead of attaching a .txt file with source code it could be sent inline) especially from "outside" endpoints. And even if it were possible to get a copy of transferred/attached files you'd have to copy and review all of them. 

    Christian

    :57415