i have a rule that works when a user copy a file to a shares directory it report this issue to the DLP Incident Manager,
which is good.
works by this rule :
Network Share Protection -> condition -> 'and Network share' is one of (OR) -> all the shares files we have in the company.
what i need is a revers rule - that users could not copy Data from the shares files. or at least i get an report on it.