2 Replies Latest reply on Jan 30, 2017 5:38 PM by vmnit

    Application File Access Protection for Macintosh DLPe10

    vmnit

      Does anyone know how to setup a Macintosh DLPe 10 rule for Application File Access Protection? I'm stuck at creating the Application for Macintosh system, have not found any KB for examples or application templates for Macintosh.

        • 1. Re: Application File Access Protection for Macintosh DLPe10
          hhoang

          I have not done much testing with the MAC client, however, I did get it to function with a generic application template:

           

          Executable Directory > Contains > "/Applications "

           

          So it should essentially trigger on any application accessing my generic classification.

           

          In my example it generated an incident when opening a text file with the OSX TextEdit application.  In the incident details if you click on the "Source Application" hyperlink it will give you the rest of the variables that you can use to make the application rule more granular:

           

           

          Edit:  Corrected definition syntax.

          • 2. Re: Application File Access Protection for Macintosh DLPe10
            vmnit

            Thank you. I was able to create a rule for Microsoft Outlook on Macintosh. But it seems strange that some of these rules don't have any exception conditions to help tune the rule.