Thanks for reply! I just want permit staff can chat with yahoo, googletalk,... but block transfer files out of company. i created 1 protection rule(network communication protection rule) on the first box i input my local network range(192.168.1.0/24), second box i network port(80:tcp), third box(outgoing), four box(IM Applications), five box(ignores tags when applying rule), six box(Block, notify users), seven box(Everyone Groups). Appreciate!
I do not per say use any of the IM's myself....but did a quick search and googletalk uses port 5222 and 443.....(so in the ports section it would be like this 443, 5222) so those should be defined as part of the protection rule.
Also, make the reaction rule as basic as possible in order to see it trigger first, then go through rule refinement.
On another note, not all IM like applications have been mapped into DLP Host, so I might suggest that on the ePO Server, you map the C: of a client system and scan that system for the googletalk or other IM exe files so that they are in the system.
Thanks for reply, i just need block yahoo transfer file, not all IM applications. Now i can block yahoo messenger with block port 5050 but i can not block transfer file with port 80. I don't know yahoo use any others port to transfer file? Appreciate!
Message was edited by: smalldog on 11/24/09 8:21 PMMessage was edited by: smalldog on 11/24/09 8:22 PM
You can try blocking the TCP port 5101. This is the port generally used by the yahoo msgr to transfer the files.
Also, apply the protection rule only on some tags and keep it in the monitor/Notify mode first so that you can check by transfering the tagged files thru the messenger.on 11/25/09 11:52 PM
Like i know yahoo transfer files thru port 80, I monitored session before and after send files, yahoo messenger will make a connection on port http(80) to transfer files. I block port 80 for IM application and Web browsers but just web browsers can execute policy block websites and IM is not. I think when yahoo messenger can log into servers then block port 80 is can not operation. Just my ideas!