I have a Removable Storage priotection Rule that monitors and notify me when any user copies files from one specific network share to any type of removable storage.
I have a classification rule that tags all files on that share.
The rule is functioning on all Windows machines but I can't get it working on macs (OS X El Capitain).
To test if the mac DLP agent is functioning I temporarily created a device control rule that block all USB devices connecting to mac and the rule was applied successfully.
I've created a separated DLP Policy and Rule set that only applies to OS X but with no success.
Anyone can help me?
The DLP agent relies on the client system to correctly report the group memberships for the logged on user and I am assuming you have the rules configured to be dependent on AD integration Windows side. If you apply the rule to local system accounts ("is any local user") does the rule then function? Do you have the rule configured to look at a specific share or any share? Same with the application - is it configured for any application or specific apps?