I have created an application content fingerprint classification which consists of
1. a couple of applications (including browsers such as IE)
2. a specific regular expression.
This classification is then added on a screen capture protection rule.
Whilst this rule does work well with most of the apps, it doesn't work well with IE.
If i create a File with Notepad whose contents match my regular expression, and later open it up,
then any screen capture action gets blocked which is what I desire.
If I open up Internet Explorer without any web content whatsoever, and try to screen capture,
then I get blocked which is not something that I want.
What I want is to block screen capture when a file gets created/saved by Internet Explorer AND that file
contains a specific regular expression.
Any ideas are welcome.
1. Please share the classification and regular expression created
2. Snapshot of the Policy.
3. Snapshot of the block in endpoint.
4. Please export the event created by screen capture in ePO under Incident Manager.
Will check if there is any configuration missing.
Please check the status of the IE in the application stratergy. The IE is not an editor and hence you will not get the DLP trigger for it.
Naveen S Y
I don't know if the below is related to your issue, or not.
One thing to note about Screen Capture Protection is it does not account for window/application focus. If you have an application process running and content matches your classification fingerprint(tag) criteria, the rule will match, regardless of whether the application is in focus.
Based on your screenshots of the rule criteria, any application running (and set to Application Strategy "Editor") which contains the defined classification string, will cause the rule to match and Block control enacted.