What do you like to do? Tell us about the first one rule of protection that you can not get.
For example, I want to block the sending of files in social networks. Put screenshots of its rules of protection, so that you can understand your problem.
Somehow I managed to get the VM from snapshot, attaching the policy screenshots.
I have tried to create Printing Protection Rule and Web Post rules.
1. Printing Protection - I have used the Location based Tag (the same tag that worked with Screen Capture policy) and create Protection rule by Including Local Printer. I have select the same user group (assigned user with screen capture rule).
For testing, I have added local printer (From Add Printer Option, select random printer and add it) to my VM and try to Print, it's not blocking. In general, if we apply this rule then it give Block screen while selecting Printer for Print.
2. Web Post Protection - I have used Location based tag (the above one) and create protection rule by including yahoo.com but still it's not working.
In addition to this, I have run DLP Diagnostics tool and shows that the above protection rules are applied to this system.
Sorry I don't have screenshot available, it was deleted due to issue in VM. The question is like some rules are working and some not, so is there any additional steps we need to take to apply policy on one try only.
Screencapture.zip 129.8 K
1. I do tested Location based Tag and it did not block printing file.
I suggest you testing application based tagging rule or content classification rule.
1.Content Based Definitions - Add new - Dictionary and add some words or choose any existing dictionary.
2. Add New - Content Classification Rule - give it any you like name and Edit.
Step 2 choose you Dictionary, next
Step 3 next
Step 4 chooce existing Content Category (it is on Tags and Categories tab).
3. Protection rules - Add new Printing Protection Rule - give it any name and Edit.
Step 1 Select from list Any Network Printer,
Step 2 Select from list Any Local Printer,
Step 3 next
Step 4 choose (Include) you Content Category
Step 5 choose Reaction (try block, monitor, store evidence and notify user)
Step 6 select user groups (if you do not select you will need to select computer (endpoint systems) into epo - system tree - assigned policies tab - Product Data Loss Prevention... category (into table) Computers Assigment Group).
4. Save you police on hard drive and Apply for epo.
Test it! It must work. Remember, that DLP do not work with any PDF and picture formates (extentions). You do not control this extentions with DLP Endpoint 9.3.4.
To you Web Post Protection Rule try another category or tag. You Web Destination is right (OK).
Steps 1 and 2 like into previous example.
3. Go to you Web Post Protection Rule:
Step 1 choose you Web Destination
Step 2 - 6 next
Step 7 choose Reaction (try block, monitor, store evidence and notify user)
Step 8 select user groups (if you do not select you will need to select computer (endpoint systems) into epo - system tree - assigned policies tab - Product Data Loss Prevention... category (into table) Computers Assigment Group).
Test it! It must work. If you sending some file into you mail (for example) DLP block it and show you the window.
About Printing Protection - DLP block you printing and show you the window and you printing program (Word or another program) show you message like "Something went wrong or Printing failed for an unknown reason or Printing failed because the printer can not be found.".
sorry for the delay in response...
I have checked and found that there is some issue with VM build. I have change my lab with new Vms and now rules are working without any issue.