5 Replies Latest reply on May 18, 2015 11:14 AM by bhautik

    DLP Endpoint policy issue

    bhautik

      Dear Members,

       

      I have tried installing DLP endpoint 9.3 version in my UAT environment. I have install and configure all the components from BEst Practice guide and installation guide.

      And have install 1-2 clients to test policy.

      I have found that the Device Control policy is working fine and it's applying properly but it's not properly working with DLP endpoints.

      I have created Location Base Tagging and create Clipboard Protection, Screen capturing, web Post, Printing Protection.

      Here Clipboard and screen capture policy working fine but other policies are not working.

       

      Also if I made change to Device control, it's rolling out smoothly but DLP not working. Any thoughts or anything I can do to make this policies working?


        • 1. Re: DLP Endpoint policy issue
          palex

          Hello, bhautik!

          What do you like to do? Tell us about the first one rule of protection that you can not get.

          For example, I want to block the sending of files in social networks. Put screenshots of its rules of protection, so that you can understand your problem.


          Regards.

           

          • 2. Re: DLP Endpoint policy issue
            bhautik

            Somehow I managed to get the VM from snapshot, attaching the policy screenshots.
            Hi Palex,

             

            I have tried to create Printing Protection Rule and Web Post rules.

            1. Printing Protection - I have used the Location based Tag (the same tag that worked with Screen Capture policy) and create Protection rule by Including Local Printer. I have select the same user group (assigned user with screen capture rule).

            For testing, I have added local printer (From Add Printer Option, select random printer and add it) to my VM and try to Print, it's not blocking. In general, if we apply this rule then it give Block screen while selecting Printer for Print.

             

            2. Web Post Protection - I have used Location based tag (the above one) and create protection rule by including yahoo.com but still it's not working.

             

            In addition to this, I have run DLP Diagnostics tool and shows that the above protection rules are applied to this system.

             

            Sorry I don't have screenshot available, it was deleted due to issue in VM. The question is like some rules are working and some not, so is there any additional steps we need to take to apply policy on one try only.

            • 3. Re: DLP Endpoint policy issue
              palex

              Hi, bhautik!

              1. I do tested Location based Tag and it did not block printing file.

              I suggest you testing application based tagging rule or content classification rule.

              For Example:

              1.Content Based Definitions - Add new - Dictionary and add some words or choose any existing dictionary.

              2. Add New - Content Classification Rule - give it any you like name and Edit.

              Step1 next

              Step 2 choose you Dictionary, next

              Step 3 next

              Step 4 chooce existing Content Category (it is on Tags and Categories tab).

              3. Protection rules - Add new Printing Protection Rule - give it any name and Edit.

              Step 1 Select from list Any Network Printer,

              Step 2 Select from list Any Local Printer,

              Step 3 next

              Step 4 choose (Include) you Content Category

              Step 5 choose Reaction (try block, monitor, store evidence and notify user)

              Step 6 select user groups (if you do not select you will need to select computer (endpoint systems) into epo - system tree - assigned policies tab - Product Data Loss Prevention... category (into table) Computers Assigment Group).

              4. Save you police on hard drive and Apply for epo.

              Test it! It must work. Remember, that DLP do not work with any PDF and picture formates (extentions). You do not control this extentions with DLP Endpoint 9.3.4.

              • 4. Re: DLP Endpoint policy issue
                palex

                To you Web Post Protection Rule try another category or tag. You Web Destination is right (OK).

                Steps 1 and 2 like into previous example.

                3. Go to you Web Post Protection Rule:

                Step 1 choose you Web Destination

                Step 2 - 6 next

                Step 7 choose Reaction (try block, monitor, store evidence and notify user)

                Step 8 select user groups (if you do not select you will need to select computer (endpoint systems) into epo - system tree - assigned policies tab - Product Data Loss Prevention... category (into table) Computers Assigment Group).

                Test it! It must work. If you sending some file into you mail (for example) DLP block it and show you the window.

                 

                About Printing Protection - DLP block you printing and show you the window and you printing program (Word or another program) show you message like "Something went wrong or Printing failed for an unknown reason or Printing failed because the printer can not be found.".

                 

                Regards

                • 5. Re: DLP Endpoint policy issue
                  bhautik

                  Hi Palex,

                   

                  sorry for the delay in response...

                  I have checked and found that there is some issue with VM build. I have change my lab with new Vms and now rules are working without any issue.

                   

                  Thank you.