cancel
Showing results for 
Search instead for 
Did you mean: 
chares
Level 9

DLP 9.2.1 - Email exclude and USB dont block

Hi everyone,

i wanted to ask you if you ever had such problems or scenarios,

First the scenario problem:

The requirement i have is this (as an example):

Block all email send attemps if Tag1 and Content1 has been detected, UNLESS domain is contoso.com, then let it through,

is this possible?? because if i creat an all email destination rule, and then a rule to just monitor contoso.com as destination, it still gets blocked,

so this means DLP has no policy precedence??

as to the problem,

two DLP infraestructures, same policies, same scenarios, with 2 subtle diferences: one is in english, one in spanish (OS, ePO, DLP and client OS),

So the working one is this:

Win 2008 R2 English

ePO 4.6.3 + DLP 9.2.1 English

Windows 7 x64 English with 4.6.0 Agent and DLP 9.2.1

the non working one is this:

Win 2008 Spanish

ePO 4.6.3 + DLP 9.2.1 Spanish

Windows 7 x32 Spanish with 4.6.0 Agent and DLP 9.2.1

the infraestructure running in spanish DOES NOT block USB, and its the same blocking policy that works on the english one,

its a simple USB block rule, All aplications, simple tagging with all default credit card definitions with the PCI dictionary,

using a simple txt for testing, same txt, 250min characters, with 3 different valid credit card numbers.

i even tried a content and tag with ALL definitions, still no luck on blocking USBs,

Any ideas???

Thanks for your time!

0 Kudos
4 Replies
georgec
Level 13

Re: DLP 9.2.1 - Email exclude and USB dont block

DLP Endpoint has no policy precedence. If a transmission matches 2 rules, the most restrictive one applies so be careful while you create the rules.

Regarding USB, you'll probably have to open a SR.


George

0 Kudos
chares
Level 9

Re: DLP 9.2.1 - Email exclude and USB dont block

Thanks for the anwer man,

So to get policy precedence, i should use NDLP in conjunction with the MTA addon?

Cheers,

0 Kudos
choscar08
Level 7

Re: DLP 9.2.1 - Email exclude and USB dont block

Hi Chares,

Did you solve your issue regarding USB blocking rule ??

Because we have the same issue.

Thanks, regards.

0 Kudos
theglot
Level 7

Re: DLP 9.2.1 - Email exclude and USB dont block

Blocking of USB device has two parts,

One rule sets if you can or can't use the device and if its read/write, read only, or no read

Second part sets how data is allowed to leave.  IE this file type of is match of word (DIC or Pattern) is found.

- Not that I know how different laguages, but I do know where in English we use "," while euro they use "."


0 Kudos