I have created a block policy for all file types in DLP endpoint 9.3 patch1& it is working fine but when I tried that by reboting machine in safe mode it is not worwking & files are copying in pen drive instead of blocking.........
Framework service is showing as stopped on client machine & when trying to restart it its not allowing to do that but that is not my concern,problem is that prevous policy applied should work whether services are stopped are not........
I think this is a documented shortcoming of dlp...its basically dead on in safe mode.....however there is a microsoft hotfix u can install and use a gpo to add a registry key...and it should prevent regular users from booting to into safe mode.
Dlp will record machines being booted into safe mode...u can check the setupapi.dev.log on those machines to see if any sd or usb were used.
Lots of information about this in the knowledge base, for example
This feature is to allow DLP to run and actively block removable storage in Safe Mode, or only to protect itself from being deleted?
Can you elaborate on this feature?
I have enabled the option of safe mode in advanced configuration...& the policy which are applied before moving to safe mode is working fine,but in safe mode i cant apply any new policy as agent is not running in safe mode & when i try to start the services it it giving me msg that you cant start the service.......
Is it OK or there is something i am missing????
Plz let m know