4 Replies Latest reply on Jun 2, 2010 12:40 PM by vimalnavis

    Few Queries on DLP.. need help urgently...

      Hi All,


      Hope you guys would be able to help me out on the following queries, thanks in advance too.


      1. I need to know exactly how the Offline and Online locations are determined by DLP to assign different policies??

      2. If File tracking is possible; i.e. if a Mass storage device is just monitored and not blocked and if something is written on this certain storage, will I be able to see from the DLP monitor what files were written, and if YES, could you please let me know what steps I need to take to get it working.


      I also have an issue:


      When trying to access the evidence of a screen capture from the DLP monitor I get the error saying: "Evidence is not available"

      I have done all the proper configurations provided in the installation guide, and I have also added "Everyone" for the Share as suggested in different posts on this issue, but the problem still persists......



      pls pls pls HELP ME!!


      a quick response would be highly appreciated,

      thanks a lot in advance..



      -Shabeer Shiyam



      on 5/2/10 12:26:59 PM CDT
        • 1. Re: Few Queries on DLP.. need help urgently...


          1. Location is determined by ICMP probing the LogonServer (Domain controller).

          2. If your files are marked with a tag, you can monitor/block/collect evidence during the file copy process to removable media.

          3. Evidence is replicated in the background by the agent and probably arrives after the event. Please check permissions (NTFS and Share) for the Evidence folder. Usually the group "Domain Computers" must have write permissions in both settings.


          Best regards




          • 2. Re: Few Queries on DLP.. need help urgently...

            1. Has already been answered on the previous post.

            2. Use Removable Storage Protection Rules to monitor file copy to Removable Storage devices.

            3. Ensure that you provide Domain Computers with Write permission and the current logged in user with both Read and Write permissions (since HDLP performs a write operation when decrypting the file). E.g., if you are logged on to the machine with your ID and you would like to view the Evidence files, ensure that your AD ID has Read/Write permissions on the NTFS Security Tab of the Evidence$ share.


            Remember that Share permissions are different from File System (read NTFS) Security permissions.
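
The share versus NTFS distinction from the replies above, as an added example that is not part of the original thread or the product's own tooling: a PowerShell check that reports, per account, whether write access is granted at the share level, at the NTFS level, and in both. Assumptions: it runs on the file server hosting the share with the SmbShare module available (Windows Server 2012 or later); the domain name `EXAMPLE`, the account `dlp.viewer` and the function name `Test-EvidenceWriteAccess` are hypothetical.

```powershell
# Added example: compare share-level and NTFS write access on the evidence folder.
$ShareName  = 'Evidence$'            # share name as written in the thread
$Principals = @(
    'EXAMPLE\Domain Computers'       # constructed domain name
    'EXAMPLE\dlp.viewer'             # constructed account that opens evidence files
    'Everyone'                       # often added to the share but not to NTFS
)

function Test-EvidenceWriteAccess {
    param(
        [Parameter(Mandatory)] [string]   $Share,
        [Parameter(Mandatory)] [string[]] $Principal
    )
    $write     = [System.Security.AccessControl.FileSystemRights]::Write
    $folder    = (Get-SmbShare -Name $Share -ErrorAction Stop).Path
    $shareAces = @(Get-SmbShareAccess -Name $Share)
    $ntfsAces  = @((Get-Acl -Path $folder).Access)

    foreach ($p in $Principal) {
        # Only ACEs that name the principal directly; group membership is not resolved.
        $s = @($shareAces | Where-Object { $_.AccountName -eq $p })
        $n = @($ntfsAces  | Where-Object { $_.IdentityReference.Value -eq $p })

        $shareAllow = @($s | Where-Object {
            "$($_.AccessControlType)" -eq 'Allow' -and "$($_.AccessRight)" -in 'Change', 'Full' })
        $shareDeny  = @($s | Where-Object { "$($_.AccessControlType)" -eq 'Deny' })
        $ntfsAllow  = @($n | Where-Object {
            $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $write) -eq $write })
        $ntfsDeny   = @($n | Where-Object {
            $_.AccessControlType -eq 'Deny' -and [int]($_.FileSystemRights -band $write) -ne 0 })

        $shareOk = ($shareAllow.Count -gt 0) -and ($shareDeny.Count -eq 0)
        $ntfsOk  = ($ntfsAllow.Count -gt 0)  -and ($ntfsDeny.Count -eq 0)
        [pscustomobject]@{
            Principal  = $p
            ShareWrite = $shareOk
            NtfsWrite  = $ntfsOk
            # Access over the network is the more restrictive of the two settings.
            Effective  = $shareOk -and $ntfsOk
        }
    }
}

Test-EvidenceWriteAccess -Share $ShareName -Principal $Principals | Format-Table -AutoSize
```

A row with `ShareWrite` true and `NtfsWrite` false is the case where an account was added to the share only, with no matching entry on the Security tab.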

            • 3. Re: Few Queries on DLP.. need help urgently...

              Hi Vimal,


              Thanks for the replies with the answer to my earlier queries,


              I have one small doubt on the Online\Offline policies, and I hope you would be able to give me a quick response as earlier..


              I need to know if a customer without an AD installs DLP and wants offline policies, will it work?.... how can it be accomplished?


              really appreciate your help so far, and expecting an answer to this as well..



              Thank you,



              -Shabeer Shiyam

              • 4. Re: Few Queries on DLP.. need help urgently...

                Without AD you will not be able to use the Online / Offline feature.