Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 9847 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Users receive "The file is being scanned for sensitive material. Please Wait"

kesm0724

Hello All,

Hopefully someone can assist with this.  A few of our clients at remote locations are getting a message I'm assuming related to the data control module when they open Outlook.

"The file is being scanned for sensitive material.  Please Wait"

First is there any way for this not to be presented?

Second we only monitor file transfers (Microsoft Office documents, presentations, adobe documents, etc) - log and allow transfer -  to Outlook so why is it actually scanning upon starting Outlook up?  I've tried uninstalling sophos and reinstalling but the same behavior comes back.  Again - this only occurs on a handful of clients. 

I do not have the policy configured to scan for any personally identifiable information....we only want to know if a file is being copied and to which application (outlook, IE, firefox, etc).  And we'd like for it to occur in the background without displaying this huge message on the users screen.  :)

:3150


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    The dialog will appear when SAV is scanning a file for data control which takes beyond a few seconds.   Rather than hanging the window, this dialog is used to provide some feedback to the user something is happening.  

    As an example say I block Excel files from being uploaded to the web via Firefox, if the file in question is a large Excel spreadsheet, say 50MB and I have a complex data control rule, the engine will have to extract all the strings within the document once and then run them by the rules, this is the only way it can work to ensure nothing is missed.  This text extraction phase would have to be dependant on the size and complexity of the file so it's largely an unknown.  The rule matching phase would be dependant on the number of rules also, so both of these are variable.

    So with Firefox being the "destination" in this case (which is detected to be Firefox using the engine (using application control rules)) If the Excel file is not from an excluded location on disk, as it is loaded by Firefox.exe it is scanned and Firefox is essentially halted from reading the file until SAV is done with it.  Different applications will behave differently when potentially being denied a file in this way, so might hang the GUI thread in some cases I would expect, so a top most window indicating to the user something is happening is a compromise to a non responding application window in some cases.

    So any time the "The file is being scanned for sensitive material.  Please Wait" message appears, the file being opened by the applications executable, be it firefox.exe, iexplore.exe,outlook.exe, etc.. must have opened it and the rules specified are interested in it. So running Process Monitor filtered on the destination application of choice, e.g. Firefox.exe and objects of the file class, you should see the files Firefox.exe is opening, if these are from a non excluded location (I believe there are a few hard coded exclusions) and are file types of interest based on your rules they will be scanned by the data control component. If it makes sense you can then optionally decide to exclude some of these file paths for the rules if this would help or change the rules, especially custom control control ones to be less broad.

    I would also suggest turning the logging in SAV for the DataControl component to Verbose, this will then log more about the rules being fired.

    I hope this helps.

    Thanks,

    Jak 

    :3166
Reply
  • 0

    Hi,

    The dialog will appear when SAV is scanning a file for data control which takes beyond a few seconds.   Rather than hanging the window, this dialog is used to provide some feedback to the user something is happening.  

    As an example say I block Excel files from being uploaded to the web via Firefox, if the file in question is a large Excel spreadsheet, say 50MB and I have a complex data control rule, the engine will have to extract all the strings within the document once and then run them by the rules, this is the only way it can work to ensure nothing is missed.  This text extraction phase would have to be dependant on the size and complexity of the file so it's largely an unknown.  The rule matching phase would be dependant on the number of rules also, so both of these are variable.

    So with Firefox being the "destination" in this case (which is detected to be Firefox using the engine (using application control rules)) If the Excel file is not from an excluded location on disk, as it is loaded by Firefox.exe it is scanned and Firefox is essentially halted from reading the file until SAV is done with it.  Different applications will behave differently when potentially being denied a file in this way, so might hang the GUI thread in some cases I would expect, so a top most window indicating to the user something is happening is a compromise to a non responding application window in some cases.

    So any time the "The file is being scanned for sensitive material.  Please Wait" message appears, the file being opened by the applications executable, be it firefox.exe, iexplore.exe,outlook.exe, etc.. must have opened it and the rules specified are interested in it. So running Process Monitor filtered on the destination application of choice, e.g. Firefox.exe and objects of the file class, you should see the files Firefox.exe is opening, if these are from a non excluded location (I believe there are a few hard coded exclusions) and are file types of interest based on your rules they will be scanned by the data control component. If it makes sense you can then optionally decide to exclude some of these file paths for the rules if this would help or change the rules, especially custom control control ones to be less broad.

    I would also suggest turning the logging in SAV for the DataControl component to Verbose, this will then log more about the rules being fired.

    I hope this helps.

    Thanks,

    Jak 

    :3166
Children
No Data