i wanted to ask you if you ever had such problems or scenarios,
First the scenario problem:
The requirement i have is this (as an example):
Block all email send attemps if Tag1 and Content1 has been detected, UNLESS domain is contoso.com, then let it through,
is this possible?? because if i creat an all email destination rule, and then a rule to just monitor contoso.com as destination, it still gets blocked,
so this means DLP has no policy precedence??
as to the problem,
two DLP infraestructures, same policies, same scenarios, with 2 subtle diferences: one is in english, one in spanish (OS, ePO, DLP and client OS),
So the working one is this:
Win 2008 R2 English
ePO 4.6.3 + DLP 9.2.1 English
Windows 7 x64 English with 4.6.0 Agent and DLP 9.2.1
the non working one is this:
Win 2008 Spanish
ePO 4.6.3 + DLP 9.2.1 Spanish
Windows 7 x32 Spanish with 4.6.0 Agent and DLP 9.2.1
the infraestructure running in spanish DOES NOT block USB, and its the same blocking policy that works on the english one,
its a simple USB block rule, All aplications, simple tagging with all default credit card definitions with the PCI dictionary,
using a simple txt for testing, same txt, 250min characters, with 3 different valid credit card numbers.
i even tried a content and tag with ALL definitions, still no luck on blocking USBs,
Thanks for your time!
DLP Endpoint has no policy precedence. If a transmission matches 2 rules, the most restrictive one applies so be careful while you create the rules.
Regarding USB, you'll probably have to open a SR.
Blocking of USB device has two parts,
One rule sets if you can or can't use the device and if its read/write, read only, or no read
Second part sets how data is allowed to leave. IE this file type of is match of word (DIC or Pattern) is found.
- Not that I know how different laguages, but I do know where in English we use "," while euro they use "."