Please help to provide me solutions on this case.
Hello and thank you for posting here!
Based on your attached screenshot, I believe you have your application definition configured correctly. What type of rule have you been using when attempting to block file uploads to these applications? I would recommend an Application File Access Protection Rule.
I created rule in Application File Access Protection Rule, but it still cannot block this. With Skype, it has a block alert, but the sensitive file still send through Skype.
The package DLP using is 11.5 (dowloaded from Software Catalog)
You may want to test with the configuration steps mentioned in KB92287 if you have not done so already. This KB also has you create an Application File Access Protection Rule, but uses an application based finger printing classification.
If the steps in that KB do not yield positive results, I would recommend running Process Monitor while attempting to upload a file to one of these IM applications. This would help identify any other process that may be touching the file during the upload process. If additional processes are found, they would need to be included in your application template definition. If you need assistance in reviewing the process monitor log, I would recommend opening a Service Request with our Support team.
Hi @DucDinh ,
To answer this question/issue below,
Question/Issue: With Skype, it has a block alert, but the sensitive file still send through Skype.
Answer: The file will be nulled out and sent to the destination user in the chat application. If you can open the file at the recipient end you can find that the file details will be nulled out by DLP. So there is no Data loss of confidential information sent to the end recipient.
Please check below information, the EPO received the event from the client - Block sensitive file. But the receiver still can open and download the sensitive file. I tried define another application (viber, telegram), it has no log.
Does the evalution limitted the features (evalution license key for DLP endpoint)? I tried configure Registered documents, it cannot use too.
Note: I tried 2 version DLP 184.108.40.2062 and 220.127.116.112. They have same problems.