We have just started to test DLP 9.3 among some of the IT machines and are trying to get to a point where we can monitor when people upload files to the web (mainly for monitoring dropbox, yousendit etc)
After creating a web post protection rule it seems to flag up all manner of files constantly when just browsing web pages, what are we doing wrong and is this the correct rule type for what we are trying to do?
How are you triggering the rule now - with a content category? We've setup the same rule but we're only triggering when the content being uploaded matches the content category (custom defined dictionary/word list). Works fine for us.
We set it up initially very open ended in that it would just monitor all web posts (all web servers, all files) so that we can see when people upload company data to external sites but that doesnt work too great, basically pops up constantly when just browsing the web!
Think we need to maybe tie it down to some file types and test again, at the moment we've had to disable it and we're just testing it among ourselves before going anywhere near a live pilot.
WPPR monitors pretty much all HTTP_POST call.
Whenever you browse the net [intranet or internet] , HTTP_POST calls are made.
So you are bound to get tons of information.
By restricting file types to office files, pdf and image you will drdstically drop the number of files...I also excluded our intranet and sharepoint servers.
If you are concerned about certain domains you can also try and specify certain domains to drop them.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center