I created an Application File Access Protection Rule, and selected 'Windows CD Burner' as one of the application definitions. I am trying to build a rule to 'monitor' and 'notify user' when files are burned to CD ROMs, but after applying this rule (and performing a "check for new policies" and "collect and send props" on the endpoint agent), I was still able to burn files using the Windows CD Burner, without any alerts or events appearing in the DLP Monitor. Am I missing something needed to get this working, or misunderstanding the purpose of this kind of rule? I was hoping there was a way to detect when files are being burned to disk.
DLP version is 9.2, ePO version 4.6.4, and the test PC is running Windows 7 Professional 64-bit.
Thanks in advance.
How you defined your "Windows CD Burner"?